Lucene search

[email protected]CVE-2022-40847

HistoryNov 15, 2022 - 2:15 a.m.

CVE-2022-40847

2022-11-1502:15:11

CWE-78

[email protected]

web.nvd.nist.gov

cve-2022-40847

tenda

ac1200

router

command injection vulnerability

formsetfixtools

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

33.5%

JSON

In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter.

Affected configurations

NVD

Node

tendaw15e_firmwareMatch15.11.0.10\(1576\)

AND

tendaac1200_v-w15ev2Match-

CPENameOperatorVersion
tenda:w15e_firmwaretenda w15e firmwareeq15.11.0.10\(1576\)

CPE	Name	Operator	Version
tenda:w15e_firmware	tenda w15e firmware	eq	15.11.0.10\(1576\)

References

boschko.ca/tenda_ac1200_router/

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

33.5%

JSON

Related for CVE-2022-40847

prion1 nvd1 cvelist1