PT-2023-8323 · Tenda · Tenda W9

Gd@Hillstone · Published 2023-12-26 · Updated 2023-12-30 · CVE-2023-51098

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Tenda W9 version 1.0.0.7(4456) CN

Description

The issue exists due to the lack of neutralization of special elements in the formSetDiagnoseInfo function of the Tenda W9 wireless access point's firmware. This can allow a remote attacker to execute arbitrary code. The vulnerability is a command injection issue via the formSetDiagnoseInfo function.

Recommendations

For Tenda W9 version 1.0.0.7(4456) CN, as a temporary workaround, consider disabling the formSetDiagnoseInfo function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related identifiers

BDU:2024-00437
CVE-2023-51098

Affected products

Tenda W9