CVE-2021-27691 — OS Command Injection in G0 Firmware

CWE-78 — OS Command Injection CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

4.4%

top 10.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tendacn G0 Firmware Tendacn G1 Firmware Tendacn G3 Firmware

Timeline

PublishedApr 16

Latest updateMay 24

Description

Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" function executes glibc's system function with untrusted input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDtendacn/g0_firmware15.11.0.5\(5876\)_cn, 15.11.0.6\(9039\)_cn+1

▶NVDtendacn/g1_firmware15.11.0.16\(9024\)_cn, 15.11.0.17\(9502\)_cn+1

▶NVDtendacn/g3_firmware15.11.0.16\(9024\)_cn, 15.11.0.17\(9502\)_cn+1

🔴Vulnerability Details

GHSA

GHSA-rhp8-jw3x-rc64: Command Injection in Tenda G0 routers with firmware versions v15↗2022-05-24

▶

CVEList

CVE-2021-27691: Command Injection in Tenda G0 routers with firmware versions v15↗2021-04-15

▶