CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2020-10987

CVSS 9.8v3.1pub. 2020-07-13upd. 2025-11-07

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac15

    HW
    Tenda
    wszystkie wersje
  • Tenda Ac15 Firmware

    OS
    Tenda
    15.03.05.19

CISA KEV — detailsi

Vendori
Tenda
Producti
AC1900 Router AC15 Model
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 maja 2022
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2026-24103CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC15 — podatność w goform/formSetMacFilterCfg

CVE-2026-24105CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC15 — brak walidacji parametru w formsetUsbUnload

CVE-2026-24101CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC15 — brak walidacji parametru formSetIptv

CVE-2025-63666CRITICAL9.8PL ✓ten sam produkt

Tenda AC15: słaby mechanizm cookie sesji ujawniający hash hasła

CVE-2025-29462CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC15 — przepełnienie stosu przez HTTP