Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2024-15743
HistoryMar 22, 2024 - 12:00 a.m.

Tenda AC10 OS Command Injection Vulnerability (CNVD-2024-15743)

2024-03-2200:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
tenda ac10u
wireless router
chinese company
command injection
vulnerability
mac parameter
formwritefacmac function
/goform/writefacmac file
arbitrary command execution

7.6 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

The Tenda AC10 is a wireless router from the Chinese company Tenda. Tenda AC10U version 15.03.06.49 suffers from an operating system command injection vulnerability, which originates from the mac parameter of the formWriteFacMac function of the /goform/WriteFacMac file failing to correctly filter the constructor command special characters, commands, and so on. An attacker can exploit this vulnerability to cause arbitrary command execution.

CPENameOperatorVersion
tenda ac10 15.eq03.06.49

7.6 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

Related for CNVD-2024-15743