Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution.
The formexeCommand function retrieves the cmdinput parameter from the HTTP POST request and assigns it to the str variable, which is then passed to the cmd_buf variable. The cmd_buf variable is passed directly to the doSystemCmd function without any validation or sanitization of input data. This allows an attacker to inject arbitrary system commands that will be executed with the privileges of the process handling the request.
An unauthenticated attacker can remotely execute arbitrary commands in the device's operating system over the network, which may result in complete takeover of the router, violation of data confidentiality and integrity, and disruption of its operation.
Patches available from the manufacturer should be applied in accordance with the references. Until an update is released, it is recommended to restrict access to the router's administrative interface only to trusted IP addresses and isolate the device using a firewall.
Tenda AC10 V1.0 with firmware version V15.03.06.23
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac10
HWTenda1.0Tenda Ac10 Firmware
OSTenda15.03.06.23
Related vulnerabilities
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firm...
Buffer overflow w Tenda AC10 β RCE i DoS przez pole serviceName
Buffer Overflow w Tenda AC10 β handler formSetPPTPUserList
Buffer overflow w Tenda AC10 β podatnoΕΔ w funkcji AdvSetMacMtuWan (mac2)
Buffer Overflow w Tenda AC10 β parametr ssid w form_fast_setting_wifi_set