An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd.
In handling requests directed to the goform/formsetUsbUnload endpoint, the value of the `v1` parameter is not validated or sanitized in any way. If untrusted data from this parameter is passed to the doSystemCmd function, an attacker can inject arbitrary system commands that will be executed in the context of the device. The attack can be performed remotely, without authentication, with low complexity.
An attacker can gain full control over the device, including reading and modifying its configuration, intercepting network traffic, and permanently disrupting the router's availability. It is also possible to use the compromised device as an entry point to the local network.
Patches available from the manufacturer should be applied according to references (https://www.tenda.com.cn/material/show/2710). Until the update is implemented, it is recommended to restrict access to the router's administrative panel only to trusted hosts on the local network and block access to the management interface from the WAN side.
Tenda AC15 V1.0 with firmware version V15.03.05.18_multi
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac15
HWTenda1.0Tenda Ac15 Firmware
OSTenda15.03.05.18
Related vulnerabilities
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute a...
Buffer overflow w Tenda AC15 — podatność w goform/formSetMacFilterCfg
Command injection w Tenda AC15 — brak walidacji parametru formSetIptv
Tenda AC15: słaby mechanizm cookie sesji ujawniający hash hasła
Buffer overflow w Tenda AC15 — przepełnienie stosu przez HTTP