Command Injection Flaw in Tenda W20E Router
CVE-2022-45996

7.2HIGH

Key Information:

Vendor: Tenda
Status: W20e Firmware
Vendor: CVE Published:; 12 December 2022

Summary

The Tenda W20E router is susceptible to a command injection vulnerability that allows an attacker to exploit the cmd_get_ping_output function. This flaw can potentially enable unauthorized access and the execution of arbitrary commands on the affected device, posing significant security risks. Users of the Tenda W20E version V16.01.0.6(3392) are advised to take immediate action to mitigate this vulnerability, such as updating firmware or applying specific security enhancements.

References

https://github.com/bugfinder0/public_bug/tree/main/tenda/...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2022
Vulnerability Reserved
Nov 28, 2022