Tenda AC15 formWriteFacMac Method Command Injection Vulnerability

Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol with a theoretical transmission rate of 1900Mbps 600Mbps in 2.4GHz band and 1300Mbps in 5GHz band. Tenda AC15 suffers from a command injection vulnerabilit...

CVE-2024-2812

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The...

CVE-2024-2812 Tenda AC15 WriteFacMac formWriteFacMac os command injection

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The...

Tenda AC10 OS Command Injection Vulnerability (CNVD-2024-15743)

The Tenda AC10 is a wireless router from the Chinese company Tenda. Tenda AC10U version 15.03.06.49 suffers from an operating system command injection vulnerability, which originates from the mac parameter of the formWriteFacMac function of the /goform/WriteFacMac file failing to correctly filter...

CVE-2024-2707

A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has...

CVE-2024-2707

A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has...

Tenda AC10 操作系统命令注入漏洞

The Tenda AC10 is a wireless router from the Chinese company Tenda. Tenda AC10U version 15.03.06.49 suffers from an operating system command injection vulnerability, which originates from the mac parameter of the formWriteFacMac function of the /goform/WriteFacMac file failing to correctly filter...

PT-2024-2467 · Tenda · Tenda Fh1205

Name of the Vulnerable Software and Affected Versions: Tenda FH1205 version 2.0.0.7775 Description: A critical vulnerability has been found in the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched...

PT-2024-2345 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10U versions 15.03.06.49 Description: The issue is related to the function formWriteFacMac, specifically the /goform/WriteFacMac endpoint, where a lack of proper sanitization of special elements in the command allows for os command...

PT-2024-2407 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 versions 15.03.05.18 through 15.03.20 multi Description: A critical issue affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection, allowing remote...

Tenda AC5 Code Execution Vulnerability

Tenda AC5 is a wireless router from Tenda, a Chinese company. A code execution vulnerability exists in Tenda AC5 version V15.03.06.28, which stems from the Mac parameter of ip/goform/WriteFacMac failing to correctly filter special elements of the constructed snippet. An attacker can exploit this...

CVE-2023-31587

Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution RCE vulnerability via the Mac parameter at ip/goform/WriteFacMac...

CVE-2023-31587

Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution RCE vulnerability via the Mac parameter at ip/goform/WriteFacMac...

CVE-2023-31587

Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution RCE vulnerability via the Mac parameter at ip/goform/WriteFacMac...

Tenda AC5 安全漏洞

Tenda AC5 is a wireless router from Tenda, a Chinese company. A code execution vulnerability exists in Tenda AC5 version V15.03.06.28, which stems from the Mac parameter of ip/goform/WriteFacMac failing to correctly filter special elements of the constructed snippet. An attacker can exploit this...

CVE-2023-31587

CVE-2023-31587 affects Tenda AC5 router V15.03.06.28. A remote code execution (RCE) vulnerability exists via the Mac parameter at ip/goform/WriteFacMac, arising from insufficient input validation on the Mac field. Documented impact is arbitrary code execution with network access. Several sources ...

PT-2023-3384 · Tenda · Tenda Ac5

Name of the Vulnerable Software and Affected Versions: Tenda AC5 router version V15.03.06.28 Description: The issue is related to insufficient input validation in the Tenda AC5 router's firmware, which can be exploited by a remote attacker to execute arbitrary code using the Mac parameter at the...

Tenda F1203 Command Injection Vulnerability

Tenda F1203 is a 11AC 1200M intelligent dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. and Ali. A command injection vulnerability exists in Tenda F1203 V2.0.1.6. An attacker can use this vulnerability to perform command injection via the mac parameter of...

CVE-2022-46538

Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac...

PT-2022-27892 · Tenda · Tenda F1203

Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A command injection issue was discovered via the mac parameter at the "/goform/WriteFacMac" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, as a temporary workaround, consider restricti...