CVE-2020-10987
In short
A vulnerability in Tenda AC15 routers allows attackers to run harmful commands on the device by sending specially crafted requests. This is critical because an attacker can take complete control of your router without needing any special access.
Technical detail
The setUsbUnload endpoint in Tenda AC15 v15.03.05.19 is susceptible to OS command injection through the deviceName POST parameter, enabling unauthenticated remote code execution. The vulnerability stems from insufficient input validation, allowing attackers to inject shell metacharacters and execute arbitrary system commands with router privileges.
Summary generated and translated by AI from the official description.
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
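A defender-side check for the request described above, as an added example that is not part of the original page or of any vendor code: it flags POST requests to goform/setUsbUnload whose deviceName value falls outside a conservative allowlist. The allowlist pattern, the record layout (source, method, target, body) and the function names are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/setusbunload"   # endpoint named in the CVE description, lowercased
# Assumed allowlist for a legitimate USB device name; tune it to what your devices send.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def suspicious_device_names(method, target, body):
    """Return the deviceName values of one request that fall outside the allowlist."""
    if method.upper() != "POST":
        return []
    if urlsplit(target).path.rstrip("/").lower() != ENDPOINT:
        return []
    # parse_qs percent-decodes once, so ';' and '%3B' are treated alike, and it
    # returns every occurrence of a repeated parameter, so all of them are checked.
    params = parse_qs(body, keep_blank_values=True, separator="&")
    return [v for v in params.get("deviceName", []) if not SAFE_NAME.fullmatch(v)]

def scan(records):
    """records: iterable of (source, method, target, body). Returns the flagged ones."""
    hits = []
    for source, method, target, body in records:
        bad = suspicious_device_names(method, target, body)
        if bad:
            hits.append((source, bad))
    return hits

# Constructed sample records (documentation addresses, not real traffic).
SAMPLE = [
    ("192.0.2.10", "POST", "/goform/setUsbUnload", "deviceName=sda1"),
    ("198.51.100.7", "POST", "/goform/setUsbUnload", "deviceName=sda1%3Becho%20x"),
    ("198.51.100.7", "POST", "/goform/setUsbUnload?r=1", "deviceName=sda1&deviceName=%60x%60"),
    ("192.0.2.10", "POST", "/other/path", "deviceName=a%7Cb"),
    ("203.0.113.5", "GET", "/goform/setUsbUnload", ""),
]

if __name__ == "__main__":
    for source, values in scan(SAMPLE):
        print(source, values)
```

Because the CVSS vector lists PR:N, any such request arriving from an untrusted network segment is worth reviewing even when the deviceName value passes the allowlist.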
Affected products
n/a · n/a
Public PoCs found: 1
GitHub: github.com/Jaden-Bowers/Tenda-Router-VR-and-Exploit (★ 0)
Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.