CVE-2018-14558
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
8.7%
p95
KEV
YES
Nov 3, 2021
Exploit Today
78
0-100
Published: — · Last modified: —
Product
Tenda / AC7, AC9, and AC10 Routers
Vulnerability
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
No
Summary description
Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-14558
No related CVEs by CWE or product.