An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
References
Link | Resource |
---|---|
https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/ | Exploit Technical Description Third Party Advisory |
https://www.exploit-db.com/exploits/44253/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2018-02-15 15:29
Updated : 2018-03-15 06:25
NVD link : CVE-2018-5767
Mitre link : CVE-2018-5767
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
tendacn
- ac15
- ac15_firmware