CVE-2019-16213

Name of the Vulnerable Software and Affected Versions Tenda PA6 Wi-Fi Powerline extender version 1.0.1.21

Description The issue allows a remote authenticated attacker to execute arbitrary commands on the system. This can be achieved by sending a specially crafted string to modify the device name of an attached PLC adapter, thereby injecting and executing arbitrary commands on the system with root privileges.

Recommendations For Tenda PA6 Wi-Fi Powerline extender version 1.0.1.21, consider restricting access to the device to prevent remote authenticated attacks until a patch is available. As a temporary workaround, avoid using the device name modification feature for attached PLC adapters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.