Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges.
[
{
"cpes": [
"cpe:2.3:o:tenda:o3v2_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "tenda",
"product": "o3v2_firmware",
"versions": [
{
"status": "affected",
"version": "1.0.0.12\\(3880\\)"
}
],
"defaultStatus": "unknown"
}
]