Lucene search

[email protected]CVE-2023-49409

HistoryDec 07, 2023 - 6:15 p.m.

CVE-2023-49409

2023-12-0718:15:08

[email protected]

web.nvd.nist.gov

tenda

ax3

v16.03.12.11

command execution

cve-2023-49409

nvd

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.6%

JSON

Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.

Affected configurations

NVD

Node

tendaax3_firmwareMatch16.03.12.11

AND

tendaax3Match-

CPENameOperatorVersion
tenda:ax3_firmwaretenda ax3 firmwareeq16.03.12.11

CPE	Name	Operator	Version
tenda:ax3_firmware	tenda ax3 firmware	eq	16.03.12.11

References

github.com/GD008/TENDA/blob/main/AX3/tenda_AX3_telnet/AX3_telnet.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.6%

JSON

Related for CVE-2023-49409

prion1 nvd1 cvelist1