CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2018-14558

CVSS 9.8v3.1pub. 2018-10-30upd. 2025-11-07

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac10

    HW
    Tenda
    wszystkie wersje
  • Tenda Ac10 Firmware

    OS
    Tenda
    ≤ 15.03.06.23_cn
  • Tenda Ac7

    HW
    Tenda
    wszystkie wersje
  • Tenda Ac7 Firmware

    OS
    Tenda
    ≤ 15.03.06.44_cn
  • Tenda Ac9

    HW
    Tenda
    wszystkie wersje
  • Tenda Ac9 Firmware

    OS
    Tenda
    ≤ 15.03.05.19\(6318\)_cn

CISA KEV — detailsi

Vendori
Tenda
Producti
AC7, AC9, and AC10 Routers
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 maja 2022
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2025-67073CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC10 – RCE i DoS przez pole serviceName

CVE-2025-45779CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w Tenda AC10 — handler formSetPPTPUserList

CVE-2025-45042CRITICAL9.8PL ✓ten sam produkt

Command injection w funkcji Telnet routera Tenda AC9

CVE-2025-44872CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC9 via parametr deviceName

CVE-2025-44877CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC9 — funkcja formSetSambaConf (parametr usbname)