CVE-2023-27076OS Command Injection in G103 Firmware

CWE-78OS Command Injection7 documents6 sources
Severity
9.8CRITICALNVD
EPSS
10.9%
top 6.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda G103 Firmware
Timeline
PublishedApr 10
Latest updateOct 12

Description

Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDtenda/g103_firmware1.0.0.5

🔴Vulnerability Details

3
CVEList
CVE-2023-27076: Command injection vulnerability found in Tenda G103 v2023-04-10
GHSA
GHSA-4vjm-pw8m-56h5: Command injection vulnerability found in Tenda G103 v2023-04-10
VulnCheck
Tenda g103_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')2023

🔍Detection Rules

1
Suricata
ET EXPLOIT Tenda G103 Command Injection Attempt (CVE-2023-27076)2023-10-12

🕵️Threat Intelligence

2
Unit42
Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices2023-05-25
Unit42
Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices2023-05-25
CVE-2023-27076 — OS Command Injection in Tenda | cvebase