exploitDog

CVE-2022-24148

Опубликовано: 04 фев. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter.

Ссылки

https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_14/14.md
Broken Link
Exploit
Third Party Advisory
https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_14/14.md
Broken Link
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenda:ax3_firmware:16.03.12.10_cn:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ax3:-:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.09137

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-3q82-gprf-75fq

github

почти 4 года назад

Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter.

EPSS

Процентиль: 92%

0.09137

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-77