CVE-2020-26728AC9 Firmware vulnerability

3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
3.4%
top 12.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda AC9 Firmware
Timeline
PublishedFeb 11
Latest updateFeb 12

Description

A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDtenda/ac9_firmware15.03.05.19\(6318\)_cn, 15.03.06.42_multi+1

🔴Vulnerability Details

2
GHSA
GHSA-586v-26wc-h2mw: A vulnerability was discovered in Tenda AC9 v32022-02-12
CVEList
CVE-2020-26728: A vulnerability was discovered in Tenda AC9 v32022-02-11
CVE-2020-26728 — Tenda AC9 Firmware vulnerability | cvebase