Command Execution Vulnerability in Tenda AX3 Router
CVE-2023-49409

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ax3 Firmware
Vendor: CVE Published:; 7 December 2023

What is CVE-2023-49409?

A command execution vulnerability has been identified in the Tenda AX3 router, specifically impacting version V16.03.12.11. This vulnerability allows unauthorized remote attackers to execute commands through the router's telnet function, potentially compromising the device and the network it serves. Users are advised to review the security implications of this vulnerability and apply necessary updates or mitigation strategies to secure their systems.

References

https://github.com/GD008/TENDA/blob/main/AX3/tenda_AX3_te...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Nov 27, 2023