Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.
CPE | Name | Operator | Version |
---|---|---|---|
g1_firmware | eq | 15.11.179502-cn | |
g3_firmware | eq | 15.11.179502-cn |