Tenda FH1206 Vulnerable to Command Injection via cmdinput Parameter
CVE-2024-35340
8.6HIGH
Summary
The Tenda FH1206, specifically version V1.2.0.8(8155), is susceptible to a command injection vulnerability. This vulnerability arises through the manipulation of the cmdinput parameter within the ip/goform/formexeCommand interface. If exploited, this could allow an attacker to execute arbitrary commands on the device, leading to potential unauthorized access and control.
References
CVSS V3.1
Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published