CVE-2021-44971Incorrect Comparison in Ac15 Firmware

CWE-697Incorrect ComparisonCWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
2.2%
top 15.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Ac15 FirmwareTenda AC5 Firmware
Timeline
PublishedJan 28
Latest updateJan 29

Description

Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDtenda/ac5_firmware15.03.06.48_multi
NVDtenda/ac15_firmware15.03.05.20_multi

🔴Vulnerability Details

2
GHSA
GHSA-cvxm-mgpf-m49w: Multiple Tenda devices are affected by authentication bypass, such as AC15V12022-01-29
CVEList
CVE-2021-44971: Multiple Tenda devices are affected by authentication bypass, such as AC15V12022-01-28
CVE-2021-44971 — Incorrect Comparison in Tenda | cvebase