Command Injection Vulnerability in Tenda AC18 Router
CVE-2024-28545

Currently unrated

Key Information:

Vendor: Tenda Technology
Status: Ac18 Firmware
Vendor: CVE Published:; 26 March 2024

🔔 Create Tenda Technology Vulnerability Alert

What is CVE-2024-28545?

The Tenda AC18 router has a command injection vulnerability that arises from an improper validation of user-supplied input within the deviceName parameter of the formsetUsbUnload function. This flaw can be exploited to execute arbitrary commands on the device, undermining its security and potentially allowing unauthorized access. Users are advised to review their device configurations and apply any necessary patches as soon as updates are available to mitigate this risk.

References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/T...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Mar 8, 2024