Lucene search
PRIOn knowledge basePRION:CVE-2021-27692HistoryApr 16, 2021 - 12:15 a.m.
Command injection
2021-04-1600:15:00
PRIOn knowledge base
www.prio-n.com
1
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted “action/umountUSBPartition” request. This occurs because the “formSetUSBPartitionUmount” function executes the “doSystemCmd” function with untrusted input.
| CPE | Name | Operator | Version |
|---|---|---|---|
| g1_firmware | eq | 15.11.169024-cn | |
| g1_firmware | eq | 15.11.179502-cn | |
| g3_firmware | eq | 15.11.169024-cn | |
| g3_firmware | eq | 15.11.179502-cn |
Related
cve
cve
CVE-2021-27692
2021-04-16 00:15:12
cnvd
cnvd
Tenda G1 and G3 OS Command Injection Vulnerability
2021-04-19 00:00:00
cvelist
cvelist
CVE-2021-27692
2021-04-15 23:14:32
nvd
nvd
CVE-2021-27692
2021-04-16 00:15:12