Описание
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter.
Ссылки
- Broken LinkExploitThird Party Advisory
- Broken LinkExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\(9502\)_cn:*:*:*:*:*:*:*
cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\(9502\)_cn:*:*:*:*:*:*:*
cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04328
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-77
Связанные уязвимости
github
почти 4 года назад
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter.
EPSS
Процентиль: 89%
0.04328
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-77