CVE-2018-14558
In short
Tenda wireless routers (AC7, AC9, AC10) allow attackers to run arbitrary commands on the device by sending specially crafted requests. An attacker can take complete control of the router and access your network.
Technical detail
Command injection vulnerability in the setUsbUnload endpoint allows unauthenticated remote code execution through unsanitized input passed to dosystemCmd. The vulnerability affects specific Tenda router models and firmware versions, enabling OS command execution with router privileges.
Summary generated and translated by AI from the official description.
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
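The flaw class described above, request input formatted into a command string, shown beside a hardened form that validates the value and passes it as a single argument. This is an added example, not Tenda's firmware code; the function names, the `usb_unload` command and the 32-character limit are assumptions, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEV_NAME_MAX 32  /* assumed limit; the page states none */

/* BEFORE (the flawed pattern): request text is formatted straight into a
 * shell command line. Only builds the string; nothing is executed here. */
int build_cmd_unsafe(const char *dev, char *out, size_t n)
{
    int w = snprintf(out, n, "usb_unload %s", dev);  /* hypothetical command */
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Allow-list check: 1..DEV_NAME_MAX chars from [A-Za-z0-9_], nothing else.
 * '-' is excluded so a value can never be read as a command-line option. */
int is_safe_dev_name(const char *dev)
{
    size_t i, len;
    if (dev == NULL) return 0;
    len = strlen(dev);
    if (len == 0 || len > DEV_NAME_MAX) return 0;
    for (i = 0; i < len; i++) {
        char c = dev[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_';
        if (!ok) return 0;
    }
    return 1;
}

/* AFTER: validate, then hand the value over as one argv element for an
 * exec-style call, so no shell ever parses it. Returns 0, or -1 if rejected. */
int build_argv_safe(const char *dev, const char *argv[3])
{
    if (!is_safe_dev_name(dev)) return -1;
    argv[0] = "usb_unload";  /* hypothetical helper binary */
    argv[1] = dev;
    argv[2] = NULL;
    return 0;
}

int main(void)
{
    const char *samples[] = { "sda1", "sda1;id", "", "$(id)" };  /* constructed */
    const char *argv[3];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s -> %s\n", samples[i],
               build_argv_safe(samples[i], argv) == 0 ? "accepted" : "rejected");
    return 0;
}
```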
Affected products
n/a · n/a