PT-2023-3384 · Tenda · Tenda Ac5

Yanbushuang

Publicado

2023-05-16

Atualizado

2023-05-22

CVE-2023-31587

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tenda AC5 router version V15.03.06.28

Description The issue is related to insufficient input validation in the Tenda AC5 router's firmware, which can be exploited by a remote attacker to execute arbitrary code using the Mac parameter at the "ip/goform/WriteFacMac" endpoint.

Recommendations For Tenda AC5 router version V15.03.06.28, consider restricting access to the "ip/goform/WriteFacMac" endpoint to minimize the risk of exploitation. Avoid using the Mac parameter in the affected endpoint until the issue is resolved.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2023-03552

CVE-2023-31587

Produtos afetados

Tenda Ac5

PT-2023-3384 · Tenda · Tenda Ac5

CVE-2023-31587

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7