{ "id": "CVE-2023-23080", "sourceIdentifier": "cve@mitre.org", "published": "2023-02-27T14:15:10.613", "lastModified": "2023-03-07T16:55:09.770", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-77" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:tenda:it7-lcs_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "2209020914", "matchCriteriaId": "8E5742BF-D47F-4DA5-9BCC-F0D52DCDE006" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:tenda:it7-lcs:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F80CFE9-86E6-4CD0-8FD2-C30BBCB167D3" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:tenda:it7-pcs_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "2209020914", "matchCriteriaId": "3D5BC1F0-34D6-47EE-BAA0-3169B38B266A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:tenda:it7-pcs:-:*:*:*:*:*:*:*", "matchCriteriaId": "D64B36F5-F25C-488D-AC93-D41EE9385308" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:tenda:it7-prs_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "2209020908", "matchCriteriaId": "F736E2FD-DCFF-4185-A100-5F1384588751" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:tenda:it7-prs:-:*:*:*:*:*:*:*", "matchCriteriaId": "E454A2B7-511E-48C2-9799-52C69064D844" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:tenda:cp3_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "20220906024_2025", "matchCriteriaId": "F2AD549B-15EF-4542-AC06-F9F13E967B56" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:tenda:cp3:-:*:*:*:*:*:*:*", "matchCriteriaId": "16FD7FFD-98DF-46EC-B95C-7B12C172453C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:tenda:cp7_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.10.00.2211041403", "matchCriteriaId": "2E94CFF8-CDB8-4BBD-ACE2-70926E408196" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:tenda:cp7:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AF52C97-2A9F-45CA-A258-827B8DA08B26" } ] } ] } ], "references": [ { "url": "https://github.com/fxc233/iot-vul/tree/main/Tenda/IPC", "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ] } ] }