CVE-2023-23080

high-risk
Published 2023-02-27

Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908.

Do I need to act?

~
4.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (5)

It7-Lcs Firmware
It7-Pcs Firmware
It7-Prs Firmware
Cp3 Firmware
Cp7 Firmware

Affected Vendors

Tenda

References (2)

Exploit https://github.com/fxc233/iot-vul/tree/main/Tenda/IPC
Exploit https://github.com/fxc233/iot-vul/tree/main/Tenda/IPC
52
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 12/34 · Low