Описание
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution.
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:tenda:ac10_firmware:15.03.06.23:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00795
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-77
CWE-94
Связанные уязвимости
CVSS3: 9.8
github
12 месяцев назад
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution.
EPSS
Процентиль: 74%
0.00795
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-77
CWE-94