PT-2017-14644 · Tenda · Ac18+2

Published: 2017-11-24 · Updated: 2017-12-12 · CVE-2017-16936

CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

- Shenzhen Tenda Ac9 US AC9V1.0BR V15.03.05.14 multi TD01
- Shenzhen Tenda Ac9 ac9 kf V15.03.05.19(6318 ) cn
- Shenzhen Tenda Ac15 US AC15V1.0BR V15.03.05.18 multi TD01
- Shenzhen Tenda Ac15 US AC15V1.0BR V15.03.05.19 multi TD01
- Shenzhen Tenda Ac18 US AC18V1.0BR V15.03.05.05 multi TD01
- Shenzhen Tenda Ac18 ac18 kf V15.03.05.19(6318 ) cn
Description

A directory traversal issue exists that allows remote unauthenticated attackers to read arbitrary files. It is reached through the "cgi-bin/luci/request?op=1&path=" URI: the value of the path parameter carries directory traversal sequences placed after a "/usb/" substring, so the request passes the handler's check on the "/usb/" prefix but resolves to a file outside the USB share.
Recommendations

- Shenzhen Tenda Ac9 US AC9V1.0BR V15.03.05.14 multi TD01: consider restricting access to the cgi-bin/luci/request API endpoint until a patch is available.
- Shenzhen Tenda Ac9 ac9 kf V15.03.05.19(6318 ) cn: avoid using the path variable in the affected API endpoint.
- Shenzhen Tenda Ac15 US AC15V1.0BR V15.03.05.18 multi TD01: restrict access to the vulnerable module to minimize the risk of exploitation.
- Shenzhen Tenda Ac15 US AC15V1.0BR V15.03.05.19 multi TD01: disable the vulnerable function temporarily until a fix is provided.
- Shenzhen Tenda Ac18 US AC18V1.0BR V15.03.05.05 multi TD01: apply configuration changes to limit access to the affected API endpoint.
- Shenzhen Tenda Ac18 ac18 kf V15.03.05.19(6318 ) cn: as a temporary workaround, consider disabling the vulnerable request function until a patch is available.
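The weak prefix check that the description implies, beside a hardened resolver that confines the decoded path to the USB share, and a small detector that runs the same check over request log lines. This is an added illustration written for this advisory, not Tenda's code: the "/usb" share root, the substring-style check and the sample log lines are assumptions constructed here.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed root of the USB share exposed by the request handler (not stated in the advisory).
USB_ROOT = "/usb"


def weak_check(path: str) -> bool:
    """The kind of check this traversal bypasses: it only asks whether '/usb/' appears.
    A value such as '/usb/../../etc/passwd' passes (reconstruction, not the vendor's code)."""
    return "/usb/" in path


def resolve_usb_path(requested: str):
    """Return the canonical path if it stays under USB_ROOT, otherwise None."""
    # Decode twice so a double-encoded '%252E%252E' does not survive normalisation.
    decoded = unquote(unquote(requested))
    # Treat the value as absolute and collapse every '.' and '..' segment.
    candidate = posixpath.normpath(posixpath.join("/", decoded))
    # Reject anything that is not the root itself or a descendant of it.
    if candidate != USB_ROOT and not candidate.startswith(USB_ROOT + "/"):
        return None
    return candidate  # on a real filesystem, also realpath() to defeat symlinks


def is_traversal_request(uri: str) -> bool:
    """True when a /cgi-bin/luci/request URI carries a path value that escapes /usb/."""
    parts = urlsplit(uri)
    if not parts.path.endswith("/cgi-bin/luci/request"):
        return False
    return any(resolve_usb_path(p) is None for p in parse_qs(parts.query).get("path", []))


# Constructed sample access-log lines (method, URI, status) for the detector below.
SAMPLE_LOG = [
    'GET /cgi-bin/luci/request?op=1&path=/usb/photos/a.jpg 200',
    'GET /cgi-bin/luci/request?op=1&path=/usb/../../etc/passwd 200',
    'GET /cgi-bin/luci/request?op=1&path=/usb/..%252F..%252Fetc/passwd 200',
    'GET /index.html 200',
]


def flag_log_lines(lines):
    """Return the log lines whose request URI is a traversal attempt on the endpoint."""
    flagged = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 2 and is_traversal_request(fields[1]):
            flagged.append(line)
    return flagged
```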

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2017-16936

Affected Products

Ac15
Ac18
Ac9