3 matches found
Tenda Routers Command Injection (CVE-2020-10987; CVE-2018-14558)
A command injection vulnerability exists in Tenda Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2018-14558
creationtimestamp| type| source ---|---|--- 2020-10-05 09:50:10+00:00| exploited| https://t.me/informationsecuritychannel/40792 2021-11-08 08:58:20+00:00| seen| MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422 2021-11-20 09:53:52+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-12-04...
CVE-2018-14558
CVE-2018-14558 affects Tenda AC7/AC9/AC10 routers (firmware: AC7 ≤ V15.03.06.44_CN, AC9 ≤ V15.03.05.19(6318)_CN, AC10 ≤ V15.03.06.23_CN). The flaw arises in the formsetUsbUnload function, which calls dosystemCmd with untrusted input via a crafted goform/setUsbUnload request, leading to arbitrary ...