CVE-2018-5767

An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
References
Link Resource
https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/ Exploit Technical Description Third Party Advisory
https://www.exploit-db.com/exploits/44253/ Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tendacn:ac15_firmware:15.03.1.16:*:*:*:*:*:*:*
cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*

Information

Published : 2018-02-15 15:29

Updated : 2018-03-15 06:25


NVD link : CVE-2018-5767

Mitre link : CVE-2018-5767


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

tendacn

  • ac15
  • ac15_firmware