Command Injection Vulnerability in Tenda AC7 Router
CVE-2024-48825

8.8HIGH

Key Information:

Vendor
Tenda
Status
AC7 Router
Vendor
CVE Published:
28 October 2024

Summary

The Tenda AC7 router version 15.03.06.44 is susceptible to a command injection vulnerability that allows attackers to execute arbitrary code without requiring authentication. This risk arises from flaws in the ate_ifconfig_set function, which can be exploited through crafted pre-authentication requests, enabling unauthorized access to the system. Users should be vigilant and consider patching or applying mitigations to protect their networks from potential exploitation.

References

https://github.com/ixout/iotVuls/blob/main/Tenda/ac7_005/...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.