Lucene search

[email protected]NVD:CVE-2022-40847

HistoryNov 15, 2022 - 2:15 a.m.

CVE-2022-40847

2022-11-1502:15:11

CWE-78

[email protected]

web.nvd.nist.gov

tenda router

command injection

vulnerability

arbitrary commands

hostname parameter

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.3%

JSON

In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter.

Affected configurations

Nvd

Node

tendaw15e_firmwareMatch15.11.0.10\(1576\)

AND

tendaac1200_v-w15ev2Match-

VendorProductVersionCPE
tendaw15e_firmware15.11.0.10(1576)cpe:2.3:o:tenda:w15e_firmware:15.11.0.10\(1576\):*:*:*:*:*:*:*
tendaac1200_v-w15ev2-cpe:2.3:h:tenda:ac1200_v-w15ev2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	w15e_firmware	15.11.0.10(1576)	cpe:2.3:o:tenda:w15e_firmware:15.11.0.10\(1576\):::::::*
tenda	ac1200_v-w15ev2	-	cpe:2.3:h:tenda:ac1200_v-w15ev2:-:::::::*

References

boschko.ca/tenda_ac1200_router/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.3%

JSON

Related for NVD:CVE-2022-40847

prion1 cve1 cvelist1