2 matches found
Tenda Command Injection (CVE-2020-15916)
A command injection vulnerability exists in Tenda. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2020-15916
The CVE concerns Tenda AC15/AC1900 devices (version 15.03.05.19) with a vulnerability in the goform/AdvSetLanip endpoint. It allows remote attackers to execute arbitrary system commands by injecting shell metacharacters into the lanIp POST parameter. Impact is high: remote, unauthenticated comman...