Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
The vulnerability is located in the formsetUsbUnload function, which processes the deviceName parameter without proper validation and sanitization of input data. An attacker can send a specially crafted request containing a malicious payload in the deviceName field, thereby injecting arbitrary system commands. These commands are then executed by the device with the privileges of the process handling the request.
A remote unauthenticated attacker can execute arbitrary system commands on the vulnerable device, leading to complete takeover of control, disclosure of sensitive configuration data, and violation of device integrity and availability.
Security patches available from the manufacturer should be applied according to the references. Until an update is released, it is recommended to restrict access to the device's administrative interface only to trusted local networks and block Internet access through a firewall.
Tenda AC9 with firmware version V15.03.06.42_multi
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac9
HWTendawszystkie wersjeTenda Ac9 Firmware
OSTenda15.03.06.42_multi
Related vulnerabilities
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firm...
Command injection w funkcji Telnet routera Tenda AC9
Command injection w Tenda AC9 — funkcja formSetSambaConf (parametr usbname)
Tenda AC9 – stack overflow w WifiBasicSet umożliwia zdalny RCE
Stack overflow w Tenda AC9 – RCE przez parametr rebootTime