2 matches found
CVE-2019-5071
CVE-2019-5071 is a confirmed command-injection vulnerability in the Tenda AC9 router, exposed via the /goform/WanParameterSetting endpoint. The vulnerability allows a locally authenticated attacker to inject commands through the DNS1 DNS2 post parameters in a crafted HTTP POST, leading to code ex...
Tenda AC9 /goform/WanParameterSetting Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route AC9V1.0 Firmware V15.03.05.16multiTRU. A specially crafted HTTP POST request can cause a command injection, resulting in cod...