Arbitrary Command Execution Vulnerability in Tenda AC18 v15.03.05.05
CVE-2024-30891

Currently unrated

Key Information:

Vendor: Tenda
Status: Ac18 Firmware
Vendor: CVE Published:; 5 April 2024

What is CVE-2024-30891?

A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution.

References

https://github.com/Lantern-r/IoT-vuln/blob/main/Tenda/AC1...

Timeline

Vulnerability published
Apr 5, 2024