CRITICAL🇵🇱 Wersja polska

CVE-2021-44971

CVSS 9.8v3.1pub. 2022-01-28upd. 2026-07-05

Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac15

    HW
    Tenda
    1.0
  • Tenda Ac15 Firmware

    OS
    Tenda
    15.03.05.20_multi
  • Tenda Ac5

    HW
    Tenda
    1.0
  • Tenda Ac5 Firmware

    OS
    Tenda
    15.03.06.48_multi
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2020-10987CRITICAL9.8⚠ KEVten sam produkt

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute a...

CVE-2026-24103CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC15 — podatność w goform/formSetMacFilterCfg

CVE-2026-24105CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC15 — brak walidacji parametru w formsetUsbUnload

CVE-2026-24101CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC15 — brak walidacji parametru formSetIptv

CVE-2025-63666CRITICAL9.8PL ✓ten sam produkt

Tenda AC15: słaby mechanizm cookie sesji ujawniający hash hasła