Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2024-15743
HistoryMar 22, 2024 - 12:00 a.m.

Tenda AC10 OS Command Injection Vulnerability (CNVD-2024-15743)

2024-03-2200:00:00
China National Vulnerability Database
www.cnvd.org.cn
3
tenda ac10u
wireless router
chinese company
command injection
vulnerability
mac parameter
formwritefacmac function
/goform/writefacmac file
arbitrary command execution

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

7.6 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

16.3%

JSON

The Tenda AC10 is a wireless router from the Chinese company Tenda. Tenda AC10U version 15.03.06.49 suffers from an operating system command injection vulnerability, which originates from the mac parameter of the formWriteFacMac function of the /goform/WriteFacMac file failing to correctly filter the constructor command special characters, commands, and so on. An attacker can exploit this vulnerability to cause arbitrary command execution.

CPENameOperatorVersion
tenda ac10 15.eq03.06.49

Related

cvelist 1
nvd 1
cve 1
cvelist
cvelist
CVE-2024-2707 Tenda AC10U WriteFacMac formWriteFacMac os command injection
2024-03-20 17:00:07
nvd
nvd
CVE-2024-2707
2024-03-20 17:15:08
cve
cve
CVE-2024-2707
2024-03-20 17:15:08

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

7.6 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

16.3%

JSON
Related for CNVD-2024-15743
cvelist1nvd1cve1