CVE-2018-18728OS Command Injection in Ac15 Firmware

CWE-78OS Command Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
3.1%
top 13.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Tenda Ac15 FirmwareTenda Ac18 FirmwareTenda AC9 Firmware
Timeline
PublishedOct 29
Latest updateMay 13

Description

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDtenda/ac15_firmware15.03.05.19_cn
NVDtenda/ac18_firmware15.03.05.19\(6318\)_cn
NVDtenda/ac9_firmware15.03.05.19\(6318\)_cn

🔴Vulnerability Details

2
GHSA
GHSA-3f4j-7hmm-p7m3: An issue was discovered on Tenda AC9 V152022-05-13
CVEList
CVE-2018-18728: An issue was discovered on Tenda AC9 V152018-10-28
CVE-2018-18728 — OS Command Injection in Tenda | cvebase