Command Execution Vulnerability in AX2 Pro Home Router by Shenzhen Tenda Technology Co., Ltd.
CVE-2024-48459

Currently unrated

Key Information:

Vendor: Shenzhen Tenda Technology Co., Ltd.
Status: AX2 Pro Home Router
Vendor: CVE Published:; 25 October 2024

🔔 Create Shenzhen Tenda Technology Co., Ltd. Vulnerability Alert

What is CVE-2024-48459?

A command execution vulnerability affects the AX2 Pro home router made by Shenzhen Tenda Technology Co., Ltd. An attacker can exploit this vulnerability by sending a specially crafted payload, which allows them to execute arbitrary commands on the device. This exploit provides unauthorized shell access to the router’s file system, granting the attacker high-level privileges that can compromise the network's security and functionality. Users of the affected router versions are urged to take immediate action to secure their devices.

References

https://gist.github.com/Swind1er/da24125da98f6616a50a35a3...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2024
Vulnerability Reserved
Oct 8, 2024