Command Execution Vulnerability in Tenda AC6 Product by Tenda
CVE-2023-40837
9.8 CRITICAL
Summary
The Tenda AC6 product is susceptible to a command execution vulnerability in the 'sub_ADD50' function of the firmware. The vulnerability arises because the 'formSetIptv' function does not properly validate the 'list' and 'vlanId' parameters, which allows an attacker to inject malicious commands. Exploitation could lead to unauthorized execution of commands on the device, compromising its integrity and potentially impacting the security of the user's network.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved