Описание
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter.
Ссылки
- Broken Link
- Third Party Advisory
- Broken Link
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\(9502\)_cn:*:*:*:*:*:*:*
cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\(9502\)_cn:*:*:*:*:*:*:*
cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02076
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-77
Связанные уязвимости
github
почти 4 года назад
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter.
EPSS
Процентиль: 84%
0.02076
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-77