CVE-2018-14558
published 2018-10-30CVE-2018-14558: An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10…
PriorityP188critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
EPSS
8.67%
94.5th percentile
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenda | ac10_firmware | <= 15.03.06.23_cn | — |
| tenda | ac7_firmware | <= 15.03.06.44_cn | — |
| tenda | ac9_firmware | <= 15.03.05.19\(6318\)_cn | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests targeting the 'goform/setUsbUnload' endpoint on Tenda AC7, AC9, and AC10 routers for command injection payloads in request parameters. ↗
- →Inspect calls to the 'formsetUsbUnload' function and any downstream invocation of 'dosystemCmd' with user-controlled input as the injection sink. ↗
- ·Vulnerability affects Tenda AC7 only up to firmware V15.03.06.44_CN; AC9 only up to V15.03.05.19(6318)_CN; AC10 only up to V15.03.06.23_CN. Devices on later firmware versions may not be affected. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck9.8CRITICAL
cisa9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jh5j-w2c9-jcff: An issue was discovered on Tenda AC7 devices with firmware through V15
ghsa_unreviewed·2022-05-13
CVE-2018-14558 [CRITICAL] CWE-78 GHSA-jh5j-w2c9-jcff: An issue was discovered on Tenda AC7 devices with firmware through V15
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
VulnCheck
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
vulncheck·2018·CVSS 9.8
CVE-2018-14558 [CRITICAL] CWE-78 Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.
Affected: Tenda AC7, AC9, and AC10 Routers
Required Action: Apply updates per vendor instructions.
Exploitation References: https://otx.alienvault.com/pulse/6075b645942d5adf9bb8949b; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://blog.xlab.qianxin.com/mirai-tbot-en/; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-28&host_type=src&vulnerability=cve-2018-14558; https:/
CISA
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
cisa·2021-11-03·CVSS 9.8
CVE-2018-14558 [CRITICAL] CWE-78 Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
Vulnerability: Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
Affected: Tenda AC7, AC9, and AC10 Routers
Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-14558
Remediation Due Date: 2022-05-03
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-10-30
Published
2021-11-03
Added to CISA KEV
Exploited in the wild