Command Injection Vulnerability in Tenda AC18 Router
CVE-2024-28545

Currently unrated

Key Information:

Vendor: Tenda Technology
Status: Ac18 Firmware
Vendor: CVE Published:; 26 March 2024

Summary

The Tenda AC18 router has a command injection vulnerability that arises from an improper validation of user-supplied input within the deviceName parameter of the formsetUsbUnload function. This flaw can be exploited to execute arbitrary commands on the device, undermining its security and potentially allowing unauthorized access. Users are advised to review their device configurations and apply any necessary patches as soon as updates are available to mitigate this risk.

References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/T...

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Mar 8, 2024