Lucene search
China National Vulnerability DatabaseCNVD-2023-58826HistoryJul 11, 2023 - 12:00 a.m.
Tenda AC10 Command Execution Vulnerability
2023-07-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
tenda
ac10
command execution
vulnerability
wireless router
chinese company
version v15.03.06.26
application
filtering
command injection
attack
formwritefacmac
mac parameter
exploit
attacker
cnvd
EPSS
0.005
Percentile
77.7%
The Tenda AC10 is a wireless router from the Chinese company Tenda. A command execution vulnerability exists in Tenda AC10 version v15.03.06.26. The vulnerability stems from the application failing to properly filter constructed command special characters, commands, etc. The vulnerability can be exploited by an attacker via formWriteWriteWriteWrite. An attacker can exploit this vulnerability to conduct a command injection attack via the mac parameter of the formWriteFacMac method.
Related
cvelist
cvelist
CVE-2023-37144
2023-07-07 00:00:00
cve
cve
CVE-2023-37144
2023-07-07 14:15:09
nvd
nvd
CVE-2023-37144
2023-07-07 14:15:09
prion
prion
Command injection
2023-07-07 14:15:00