CVE-2022-31446
Published: 2022-06-14
CVE-2022-31446: Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at…
Priority: P1 (88) · Severity: critical · CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 32.10% (98.1 percentile)
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tendacn | ac18_firmware | — | — |
| tendacn | ac18_firmware | — | — |
Detection & IOCs (extracted from sources)
- Monitor POST requests to /goform/WriteFacMac on Tenda AC18 routers for suspicious command injection payloads in the 'Mac' parameter body.
- Tenda AC18 router CVE-2022-31446 was observed being actively exploited in the wild shortly after vulnerability publication; treat any exploitation attempt as high-confidence malicious activity.
- The vulnerability affects Tenda AC18 router firmware versions V15.03.05.19 and V15.03.05.05 only.
- Traditional IPS signatures are noted as insufficient to detect this exploit due to the novel URI/parameter combination; ML-based or behavioral detection is recommended.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| VulnCheck | — | 9.8 | CRITICAL | — |
GHSA
GHSA-8hqv-xv5w-4q8r: Tenda AC18 router V15 (ghsa_unreviewed · 2022-06-15)
CVE-2022-31446 [CRITICAL] CWE-77
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
VulnCheck
Tenda ac18_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (vulncheck · 2022 · CVSS 9.8)
CVE-2022-31446 [CRITICAL]
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
Affected: Tenda ac18_firmware
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://blog.xlab.qianxin.com/catddos-derivative-en/
No detection rules found.
No public exploits indexed.
Unit42
blogs_unit42 · 2022-09-16
## Zero-Day Exploit Detection Using Machine Learning
Jin Chen, Lei Xu, Andrew Guan, Zhibin Zhang, Yu Fu
Published: September 16, 2022
Tags: Threat Research, Vulnerabilities, Command injection, Deep learning, Machine Learning, Network security, SQL injection, Threat detection, Zero-days
## Executive Summary
Code injection is an attack technique widely used by threat actors to launch arbitrary code execution on victim machines through vulnerable applications. In 2021, the Open Web Application Security Project (OWASP) ranked it as third in the top 10 web application security risks.
Given the popularity of code injection in exploits, signatures with pattern matches are commonly used to identify the anomalies in network traffic (mostly URI path, header string, etc.). However, injections can happen in numerous forms, and a simple injection can easily evade a signature-based solution by adding extraneous strings. Therefore, signature-based solutions will often fail on the variants of the proof of concept (PoC) of Common Vulnerabilities and Exposures (CVEs). In this blog, we e