Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.
The vulnerability results from improper validation of input data passed to the Telnet function in the device firmware (CWE-77, CWE-78). An attacker can construct a specially crafted request containing malicious system commands, which will be executed by the device's command interpreter without proper filtering. The attack does not require authentication or any user interaction and can be conducted remotely over the network.
Successful exploitation of the vulnerability allows an attacker to take full control of the device — they can read and modify configuration data, change network settings, and use the router as an entry point for further lateral movement in the local network.
Apply patches available from the manufacturer according to the references. Until an update is released, it is recommended to disable the Telnet function on the device and restrict access to the administration panel exclusively to trusted hosts through network segmentation or firewall rules.
Tenda AC9 with firmware version v15.03.05.14
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac9
HWTenda1.0Tenda Ac9 Firmware
OSTenda15.03.05.14
Related vulnerabilities
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firm...
Command injection w Tenda AC9 via parametr deviceName
Command injection w Tenda AC9 — funkcja formSetSambaConf (parametr usbname)
Tenda AC9 – stack overflow w WifiBasicSet umożliwia zdalny RCE
Stack overflow w Tenda AC9 – RCE przez parametr rebootTime