cbcvebase.
CVE-2018-14558
published 2018-10-30

CVE-2018-14558: An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10…

PriorityP188critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
EPSS
8.67%
94.5th percentile
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.

Affected

3 ranges
VendorProductVersion rangeFixed in
tendaac10_firmware<= 15.03.06.23_cn
tendaac7_firmware<= 15.03.06.44_cn
tendaac9_firmware<= 15.03.05.19\(6318\)_cn

Detection & IOCsextracted from sources · hover to see the quote

urlgoform/setUsbUnload
  • Monitor HTTP requests targeting the 'goform/setUsbUnload' endpoint on Tenda AC7, AC9, and AC10 routers for command injection payloads in request parameters.
  • Inspect calls to the 'formsetUsbUnload' function and any downstream invocation of 'dosystemCmd' with user-controlled input as the injection sink.
  • ·Vulnerability affects Tenda AC7 only up to firmware V15.03.06.44_CN; AC9 only up to V15.03.05.19(6318)_CN; AC10 only up to V15.03.06.23_CN. Devices on later firmware versions may not be affected.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck9.8CRITICAL
cisa9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.