LiveActive security incident?Get immediate response
CVE Record

CVE-2023-50992: Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing func...

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2023-50992 describes a stack overflow in the Tenda i29 v1.0 firmware V1.0.0.5. The vulnerable input is the ip parameter in the setPing function. The source bundle does not provide CVSS, confirmed exploitation, patch status, or vendor remediation details.

Executive priority

Prioritize inventory and exposure reduction if Tenda i29 devices are present. The business urgency cannot be rated precisely because public severity, exploitation, and patch evidence are incomplete.

Technical view

The public record states that Tenda i29 v1.0 V1.0.0.5 contains a stack overflow reachable through the ip parameter handled by setPing. No CWE, CVSS vector, authentication requirement, attack vector, or reliable impact scope is provided in the supplied CVE data.

Likely exposure

Exposure is limited to environments using Tenda i29 v1.0 devices running firmware V1.0.0.5. Risk depends on whether the affected management or diagnostic function is reachable from untrusted networks.

Exploitation context

The CVE is not listed as KEV in the supplied bundle. The referenced public GitHub page appears to document the issue, but the bundle does not establish active exploitation in the wild.

Researcher notes

The useful technical anchor is the ip parameter in setPing on Tenda i29 v1.0 V1.0.0.5. Avoid assuming remote code execution, authentication bypass, or exploit maturity without additional primary evidence.

Mitigation direction

  • Inventory Tenda i29 devices and identify firmware version V1.0.0.5.
  • Check Tenda or device supplier guidance for firmware updates or replacement advice.
  • Restrict management and diagnostic interfaces to trusted administrative networks only.
  • Block internet exposure to affected device administration surfaces.
  • Replace or isolate unsupported affected devices where no vendor fix is available.

Validation and detection

  • Confirm whether any Tenda i29 v1.0 devices run firmware V1.0.0.5.
  • Identify whether affected device interfaces are reachable from untrusted networks.
  • Review firewall and network segmentation rules around device management access.
  • Monitor vendor, CVE, and reference sources for patch or exploitation updates.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-50992 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
2Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.