CVE-2021-27692 — OS Command Injection in G1 Firmware

CWE-78 — OS Command Injection CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

3.3%

top 12.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tendacn G1 Firmware Tendacn G3 Firmware

Timeline

PublishedApr 16

Latest updateMay 24

Description

Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doSystemCmd" function with untrusted input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDtendacn/g1_firmware15.11.0.16\(9024\)_cn, 15.11.0.17\(9502\)_cn+1

▶NVDtendacn/g3_firmware15.11.0.16\(9024\)_cn, 15.11.0.17\(9502\)_cn+1

🔴Vulnerability Details

GHSA

GHSA-rxj2-g98j-wfhh: Command Injection in Tenda G1 and G3 routers with firmware versions v15↗2022-05-24

▶

CVEList

CVE-2021-27692: Command Injection in Tenda G1 and G3 routers with firmware versions v15↗2021-04-15

▶

VulnCheck

Tenda g1_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')↗2021

▶