CVE-2018-14558
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
8.7%
p95
KEV
SÍ
3 nov 2021
Exploit Today
78
0-100
Publicado: — · Última mod.: —
Producto
Tenda / AC7, AC9, and AC10 Routers
Vulnerabilidad
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
Añadido a KEV
3 nov 2021
Remediar antes de
3 may 2022
Uso conocido en ransomware
No
Descripción resumida
Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2018-14558
Sin CVEs relacionados por CWE o producto.