Command Injection Vulnerability in Tenda AC500 Firmware
CVE-2024-32314

Currently unrated

Key Information:

Vendor: Tenda
Status: Ac500 Firmware
Vendor: CVE Published:; 17 April 2024

Summary

A command injection vulnerability has been identified in the Tenda AC500 firmware within the formexeCommand function. This flaw originates from improper handling of the cmdinput parameter, allowing unauthorized command execution. Exploitation of this vulnerability may lead to system compromise and unauthorized access, posing significant risks to network integrity and user data. It is essential for organizations using affected firmware versions to implement necessary security measures and updates to mitigate potential threats.

References

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/T...

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Apr 12, 2024