Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-5767Improper Input Validation in Ac15 Firmware

CWE-20Improper Input Validation4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
66.7%
top 1.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Tendacn Ac15 Firmware
Timeline
PublishedFeb 15
Latest updateMay 14

Description

An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDtendacn/ac15_firmware15.03.1.16

🔴Vulnerability Details

2
GHSA
GHSA-ppmp-j437-m6h6: An issue was discovered on Tenda AC15 V152022-05-14
CVEList
CVE-2018-5767: An issue was discovered on Tenda AC15 V152018-02-15

💥Exploits & PoCs

1
Exploit-DB
Tenda AC15 Router - Remote Code Execution2018-02-14
CVE-2018-5767 — Improper Input Validation | cvebase