The vulnerability of the formsetUsbUnload function in the microprogramming software for Tenda AC7, Tenda AC9, and Tenda AC10 allows a hacker to execute arbitrary operating system commands.

The vulnerability of the formsetUsbUnload function in the microprogramming software for Tenda AC7, Tenda AC9, and Tenda AC10 exists due to the lack of measures taken to neutralize the special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to...

Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability

Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request...

VulnCheck KEV: CVE-2018-14558

Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request...

Tenda AC15 AC1900 Remote Code Execution Vulnerability

Tenda AC15 AC1900 is a wireless router from Tenda, a Chinese company. A remote code execution vulnerability exists in the goform/setUsbUnload endpoint in the Tenda AC15 AC1900 version 15.03.05.19, which can be exploited to execute arbitrary system commands via the deviceName POST parameter...

CVE-2020-10987

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter...