CVE-2024-41473

Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac...

CVE-2024-41473

The advisory covers CVE-2024-41473 affecting Tenda FH1201 v1.2.0.14, where a command injection vulnerability exists in the mac parameter of ip/goform/WriteFacMac. The vulnerability targets the management interface and could allow an attacker to execute arbitrary commands. Reported impact is high/...

Tenda FH1201 安全漏洞

The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 suffers from a command injection vulnerability, which originates from the mac parameter of ip/goform/WriteFacMac failing to correctly filter constructed command special characters, commands, etc. The vulnerability can be...

PT-2024-5258 · Tenda · Tenda Fh1201

Name of the Vulnerable Software and Affected Versions: Tenda FH1201 version 1.2.0.14 Description: The issue is related to a command injection vulnerability. It is associated with the lack of data sanitization at the management level, specifically via the mac parameter at the "ip/goform/WriteFacMa...

CVE-2024-35339

Tenda FH1206 V1.2.0.88155 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac...

CVE-2024-35339

Tenda FH1206 V1.2.0.88155 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac...

CVE-2024-35339

The CVE-2024-35339 entry concerns Tenda FH1206, affected version 1.2.0.8(8155), with a command injection vulnerability exposed via the mac parameter at ip/goform/WriteFacMac. The issue is described as allowing remote command execution and is supported by multiple sources. The CVSSv3.1 vector indi...

PT-2024-3832 · Tenda · Tenda Fh1206

Name of the Vulnerable Software and Affected Versions: Tenda FH1206 version 1.2.0.88155 Description: The issue is related to a command injection vulnerability. It can be exploited via the mac parameter at the "/ip/goform/WriteFacMac" endpoint, allowing a remote attacker to execute arbitrary...

Tenda AC500 Command Injection Vulnerability

The Tenda AC500 is a Gigabit port access controller from Tenda, China. A command injection vulnerability exists in Tenda AC500 version 2.0.1.91307, which stems from a command injection issue in the mac parameter of the formWriteFacMac method of the /goform/WriteFacMac file. No details of the...

Tenda W30E 操作系统命令注入漏洞

The Tenda W30E is a wireless router device that provides Internet access, wireless coverage and more. A command injection vulnerability exists in the formWriteFacMac function of the /goform/WriteFacMac file in version 1.0.1.25633 of the Tenda W30E, which can be exploited by an attacker to execute...

PT-2024-5065 · Tenda · Tenda W30E

Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A critical issue affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The...

Tenda FH1203 formWriteFacMac Method Command Injection Vulnerability

Tenda FH1203 is a dual-band wireless router from China's Tenda, mainly used for home network coverage and enhancement. The Tenda FH1203 suffers from a command injection vulnerability that stems from the mac parameter of the formWriteFacMac method of the /goform/WriteFacMac file failing to properl...

CVE-2024-3009 Tenda FH1205 WriteFacMac formWriteFacMac command injection

A vulnerability has been found in Tenda FH1205 2.0.0.7775 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit h...

CVE-2024-3009

CVE-2024-3009 affects Tenda FH1205 firmware v2.0.0.7(775). The vulnerability lies in the function formWriteFacMac in the file /goform/WriteFacMac, where manipulating the mac argument leads to command injection. This can be triggered remotely over a network with no user interaction, and public exp...

CVE-2024-2982 Tenda FH1202 WriteFacMac formWriteFacMac command injection

A vulnerability has been found in Tenda FH1202 1.2.0.14408 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and...

CVE-2024-2982 Tenda FH1202 WriteFacMac formWriteFacMac command injection

A vulnerability has been found in Tenda FH1202 1.2.0.14408 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and...

Tenda FH1202 命令注入漏洞

The Tenda FH1202 is a wireless router from Tenda, China. A command injection vulnerability exists in the Tenda FH1202 version 1.2.0.14408, which is caused by a command injection in the mac parameter of the formWriteFacMac method of the /goform/WriteFacMac file...

Tenda FH1203 命令注入漏洞

The Tenda FH1203 is a wireless router from Tenda, China. A command injection vulnerability exists in the Tenda FH1203 version 2.0.1.6, which is caused by a command injection in the mac parameter of the formWriteFacMac method of the /goform/WriteFacMac file...

PT-2024-23131 · Tenda · Tenda F1203

Name of the Vulnerable Software and Affected Versions: Tenda FH1203 version 2.0.1.6 Description: A critical vulnerability has been found in the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated...

CVE-2024-2897 Tenda AC7 WriteFacMac formWriteFacMac os command injection

A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclose...