CVE-2018-5770

Name of the Vulnerable Software and Affected Versions Tenda AC15 (affected versions not specified)

Description The issue is related to insufficient access control in the Tenda AC15 router's firmware. It allows a remote attacker to gain root access to the device by initiating a special request to the /goform/telnet API endpoint, which starts the telnetd service. Several default accounts on the device have root privileges, enabling an attacker to log in.

Recommendations For Tenda AC15 devices, consider disabling the /goform/telnet API endpoint until a patch is available to prevent exploitation. Restrict access to the telnetd service to minimize the risk of unauthorized root access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.