Lucene search
China National Vulnerability DatabaseCNVD-2024-15743HistoryMar 22, 2024 - 12:00 a.m.
Tenda AC10 OS Command Injection Vulnerability (CNVD-2024-15743)
2024-03-2200:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
tenda ac10u
wireless router
chinese company
command injection
vulnerability
mac parameter
formwritefacmac function
/goform/writefacmac file
arbitrary command execution
The Tenda AC10 is a wireless router from the Chinese company Tenda. Tenda AC10U version 15.03.06.49 suffers from an operating system command injection vulnerability, which originates from the mac parameter of the formWriteFacMac function of the /goform/WriteFacMac file failing to correctly filter the constructor command special characters, commands, and so on. An attacker can exploit this vulnerability to cause arbitrary command execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tenda ac10 15. | eq | 03.06.49 |
Related
cvelist
cvelist
CVE-2024-2707 Tenda AC10U WriteFacMac formWriteFacMac os command injection
2024-03-20 17:00:07
cve
cve
CVE-2024-2707
2024-03-20 17:15:08
nvd
nvd
CVE-2024-2707
2024-03-20 17:15:08