Tenda FH1206 Vulnerable to Command Injection via cmdinput Parameter
CVE-2024-35340

8.6HIGH

Key Information:

Vendor
Tenda
Vendor
CVE Published:
24 May 2024

Summary

The Tenda FH1206, specifically version V1.2.0.8(8155), is susceptible to a command injection vulnerability. This vulnerability arises through the manipulation of the cmdinput parameter within the ip/goform/formexeCommand interface. If exploited, this could allow an attacker to execute arbitrary commands on the device, leading to potential unauthorized access and control.

References

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.