Command Injection Vulnerability in Tenda FH1201 v1.2.0.14
CVE-2024-41473

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Fh1201 Firmware
Vendor: CVE Published:; 25 July 2024

Summary

The Tenda FH1201, specifically version v1.2.0.14, has a command injection vulnerability that can be exploited via the mac parameter at the ip/goform/WriteFacMac endpoint. This flaw may allow attackers to execute arbitrary commands on the system, potentially leading to unauthorized access or control over the affected device. Security measures should be implemented to safeguard against this vulnerability, including input validation and sanitization to mitigate the risk of exploitation.

References

https://github.com/iotresearch/iot-vuln/tree/main/Tenda/F...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 25, 2024

Collectors

NVD Database