EUVD-2024-32476

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Critical vulnerability in Tenda AC500 allows remote command injection via formWriteFacMac function

Reporter	Title	Published	Views	Family All 7
CNNVD	Tenda AC500 命令注入漏洞	17 Apr 202400:00	–	cnnvd
CNVD	Tenda AC500 Command Injection Vulnerability	19 Apr 202400:00	–	cnvd
CVE	CVE-2024-3908	17 Apr 202411:31	–	cve
Cvelist	CVE-2024-3908 Tenda AC500 WriteFacMac formWriteFacMac command injection	17 Apr 202411:31	–	cvelist
NVD	CVE-2024-3908	17 Apr 202412:15	–	nvd
RedhatCVE	CVE-2024-3908	23 May 202510:16	–	redhatcve
Vulnrichment	CVE-2024-3908 Tenda AC500 WriteFacMac formWriteFacMac command injection	17 Apr 202411:31	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "27b91f16-7ab8-3084-9950-12fe9e35ddbb",
        "vendor": {
          "name": "Tenda"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "67b20574-a5a9-3b4a-882e-3dcd24cb532b",
        "product": {
          "name": "AC500"
        }
      },
      {
        "id": "80c9989c-f1ce-333d-bf45-0f62bc8a3073",
        "product": {
          "name": "AC500"
        },
        "product_version": "2.0.1.9(1307)"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formWriteFacMac.md

03 Oct 2025 20:07Current

7High risk

Vulners AI Score7

CVSS 3.16.3 - 9.8

CVSS 26.5

CVSS 36.3

EPSS0.0761

SSVC