CVE-2024-30891: Command Injection in AC18 Firmware

CWE-77: Command Injection | 4 documents | 4 sources

Severity: 8.8 HIGH (NVD)
EPSS: 0.4% (top 40.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 5

Description

A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD: tenda/ac18_firmware 15.03.05.05

🔴 Vulnerability Details (3)

CVEList: CVE-2024-30891: A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15 (2024-04-05)
GHSA: GHSA-gvmc-5p79-xx55: A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15 (2024-04-05)
VulnCheck: Tenda AC18 V15.03.05.05 Firmware formexeCommand Function Command Injection (2024)
CVE-2024-30891 — Command Injection in Tenda | cvebase