Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
References
Link | Resource |
---|---|
https://github.com/z1r00/IOT_Vul/blob/main/Tenda/W6-S/exeCommand/readme.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-12-08 08:15
Updated : 2022-12-09 04:46
NVD link : CVE-2022-45497
Mitre link : CVE-2022-45497
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
tenda
- w6-s
- w6-s_firmware