Command Injection Vulnerability in Tenda AC10 Router
CVE-2023-37144

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ac10 Firmware
Vendor: CVE Published:; 7 July 2023

Summary

The Tenda AC10 router, specifically version 15.03.06.26, is prone to a command injection vulnerability that arises from improper validation of the 'mac' parameter within the 'formWriteFacMac' function. This security flaw allows an attacker to execute arbitrary commands on the device, potentially compromising the router's integrity and allowing unauthorized access. Users are advised to update their devices promptly to mitigate the risk posed by this vulnerability.

References

https://github.com/DaDong-G/Vulnerability_info/blob/main/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 7, 2023
Vulnerability Reserved
Jun 28, 2023