CVE-2018-16334OS Command Injection in Ac10 Firmware

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGHNVD
EPSS
3.9%
top 11.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tendacn Ac10 FirmwareTendacn AC9 Firmware
Timeline
PublishedSep 2
Latest updateMay 14

Description

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDtendacn/ac10_firmware15.03.06.23
NVDtendacn/ac9_firmware15.03.05.19

🔴Vulnerability Details

2
GHSA
GHSA-p98m-xpc7-793v: An issue was discovered on Tenda AC9 V152022-05-14
CVEList
CVE-2018-16334: An issue was discovered on Tenda AC9 V152018-09-02
CVE-2018-16334 — OS Command Injection in Ac10 Firmware | cvebase