Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.
References
Link | Resource |
---|---|
https://github.com/z1r00/IOT_Vul/blob/main/Tenda/W30E/delFileName/readme.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-12-08 08:15
Updated : 2022-12-09 05:08
NVD link : CVE-2022-45506
Mitre link : CVE-2022-45506
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
tenda
- w30e_firmware
- w30e