Tenda AC9 v15.03.06.42 Command Injection Vulnerability Allows Root Access
CVE-2024-42634

Currently unrated

Key Information:

Vendor: Tenda
Status: Ac9 Firmware
Vendor: CVE Published:; 16 August 2024

Summary

A command injection vulnerability was identified in the formWriteFacMac function of the httpd binary within Tenda AC9 version 15.03.06.42. This flaw allows an attacker to execute arbitrary operating system commands with root privileges, posing a significant risk to the device and potentially compromising network security. Attackers exploiting this vulnerability could manipulate system processes, leading to unauthorized access and control over system functions.

References

https://github.com/goldds96/Report/blob/main/Tenda/AC9/CI.md

Timeline

Vulnerability published
Aug 16, 2024