Lucene search

MitreCVE-2024-36604

HistoryJun 04, 2024 - 7:20 p.m.

CVE-2024-36604

2024-06-0419:20:13

CWE-77

mitre

web.nvd.nist.gov

cve-2024-36604

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

JSON

Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges.

Affected configurations

Nvd

Node

tendacno3v2_firmwareMatch1.0.0.12\(3880\)

AND

tendacno3v2Match-

VendorProductVersionCPE
tendacno3v2_firmware1.0.0.12(3880)cpe:2.3:o:tendacn:o3v2_firmware:1.0.0.12\(3880\):*:*:*:*:*:*:*
tendacno3v2-cpe:2.3:h:tendacn:o3v2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tendacn	o3v2_firmware	1.0.0.12(3880)	cpe:2.3:o:tendacn:o3v2_firmware:1.0.0.12\(3880\):::::::*
tendacn	o3v2	-	cpe:2.3:h:tendacn:o3v2:-:::::::*

References

exzettabyte.me/blind-command-injection-in-stp-service-on-tenda-o3v2/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

JSON

Related for CVE-2024-36604