Question_H

Name of the Vulnerable Software and Affected Versions: Tenda G3 Router firmware version 15.03.05.05 Description: The issue is related to a remote code execution vulnerability in the Tenda G3 Router firmware. This vulnerability can be exploited via the `usbPartitionName` parameter in the `formSetUSBPartitionUmount` function, allowing a remote attacker to execute arbitrary commands. The vulnerability is associated with a lack of sanitization of special elements. Recommendations: For Tenda G3 Router firmware version 15.03.05.05, as a temporary workaround, consider disabling the `formSetUSBPartitionUmount` function until a patch is available. Restrict access to the `usbPartitionName` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.