CVE-2022-36273

CWE-78 — OS Command Injection CWE-77 — Command Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

17.9%

top 4.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

1

Tenda AC9 Firmware

Timeline

PublishedAug 16

Latest updateAug 17

Description

Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDtenda/ac9_firmware15.03.2.21_cn

🔴Vulnerability Details

2

GHSA

GHSA-95rc-v396-9w7m: Tenda AC9 V15↗2022-08-17

▶

CVEList

CVE-2022-36273: Tenda AC9 V15↗2022-08-16

▶

CVE-2022-36273 (CRITICAL CVSS 9.8) | Tenda AC9 V15.03.2.21_cn is vulnera | cvebase.io