Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.
References
Link | Resource |
---|---|
https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC9/12 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-03-18 14:15
Updated : 2022-03-24 20:56
NVD link : CVE-2022-25441
Mitre link : CVE-2022-25441
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
tenda
- ac9_firmware
- ac9