Tenda FH1201 Vulnerability: Command Injection Flaw Discovered
CVE-2024-41468

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Fh1201 Firmware
Vendor: CVE Published:; 25 July 2024

What is CVE-2024-41468?

The Tenda FH1201 router version v1.2.0.14 has a vulnerability that allows for command injection through the cmdinput parameter in the /goform/exeCommand endpoint. This flaw enables attackers to send crafted requests to execute arbitrary system commands, potentially leading to unauthorized access and control over the device. Users of this router should assess their exposure and apply necessary security measures to mitigate risks associated with this vulnerability.

References

https://github.com/iotresearch/iot-vuln/blob/main/Tenda/F...

EPSS Score

82% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2024