Описание
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters.
Ссылки
- Broken LinkExploitThird Party Advisory
- Broken LinkExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:tenda:ax3_firmware:16.03.12.10_cn:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ax3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10519
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-77
Связанные уязвимости
github
почти 4 года назад
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters.
EPSS
Процентиль: 93%
0.10519
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-77