PT-2021-17604 · Tenda · Tenda G3+1
Jinwen Zhou
+1
·
Published
2021-04-15
·
Updated
2022-07-12
·
CVE-2021-27692
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Tenda G1 and G3 routers versions v15.11.0.17(9502) CN through v15.11.0.17(9502) CN
Tenda G1 and G3 routers version v15.11.0.16(9024) CN
Description:
The issue allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the
formSetUSBPartitionUmount function executes the doSystemCmd function with untrusted input.Recommendations:
For Tenda G1 and G3 routers version v15.11.0.17(9502) CN, consider disabling the
formSetUSBPartitionUmount function until a patch is available.
For Tenda G1 and G3 routers version v15.11.0.16(9024) CN, consider disabling the formSetUSBPartitionUmount function until a patch is available.
Avoid using the "action/umountUSBPartition" request in the affected API endpoint until the issue is resolved.Exploit
Fix
Buffer Overflow
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tenda G1
Tenda G3