cbcvebase.
CVE-2022-31446
published 2022-06-14

CVE-2022-31446: Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at…

PriorityP188critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
32.10%
98.1th percentile
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.

Affected

2 ranges
VendorProductVersion rangeFixed in
tendacnac18_firmware
tendacnac18_firmware

Detection & IOCsextracted from sources · hover to see the quote

urlip/goform/WriteFacMac
  • Monitor POST requests to /goform/WriteFacMac on Tenda AC18 routers for suspicious command injection payloads in the 'Mac' parameter body
  • Tenda AC18 router CVE-2022-31446 was observed being actively exploited in the wild shortly after vulnerability publication; treat any exploitation attempt as high-confidence malicious activity
  • ·Vulnerability affects Tenda AC18 router firmware versions V15.03.05.19 and V15.03.05.05 only
  • ·Traditional IPS signatures are noted as insufficient to detect this exploit due to the novel URI/parameter combination; ML-based or behavioral detection is recommended

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.