Command Injection Vulnerability in Tenda W30E Firmware
CVE-2024-32292

Currently unrated

Key Information:

Vendor: Tenda
Status: W30e Firmware
Vendor: CVE Published:; 17 April 2024

Summary

A command injection vulnerability exists in Tenda W30E firmware version 1.0.1.25(633), specifically within the formexeCommand function that utilizes the cmdinput parameter. This flaw could allow an attacker to execute arbitrary commands on the affected device. Proper input sanitization measures are crucial to mitigate risks associated with this type of vulnerability, as it opens potential avenues for unauthorized access and control over the device.

References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/T...

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Apr 12, 2024