Command Injection Vulnerability in Tenda AC7 Router Firmware
CVE-2024-32281

Currently unrated

Key Information:

Vendor: Tenda
Status: AC7 Router
Vendor: CVE Published:; 17 April 2024

Summary

The Tenda AC7 Router firmware version 15.03.06.44 is vulnerable to command injection through the formexeCommand function, specifically via the cmdinput parameter. This flaw could allow an attacker to execute arbitrary commands on the affected device, potentially compromising the security and integrity of the network. Users are advised to implement immediate security measures and monitor their devices for unusual activity.

References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/T...

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Apr 12, 2024