A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution.
References
Link | Resource |
---|---|
https://github.com/ilovekeer/IOT/blob/main/Tenda/W6/Injection/exeCommand/README.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-08-12 08:15
Updated : 2022-08-16 07:49
NVD link : CVE-2022-35555
Mitre link : CVE-2022-35555
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
tenda
- w6
- w6_firmware