PT-2022-12274 · Tenda · Tenda Ac5+1

21Gun5

Published

2022-01-28

Updated

2024-02-14

CVE-2021-44971

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tenda devices, such as AC15V1.0 version V15.03.05.20 multi and AC5V1.0 version V15.03.06.48 multi

Description The issue allows an attacker to bypass authentication, potentially obtaining sensitive information. This can be combined with authenticated command injection to implement remote code execution (RCE).

Recommendations For Tenda AC15V1.0 version V15.03.05.20 multi, update to a version that addresses the authentication bypass issue. For Tenda AC5V1.0 version V15.03.06.48 multi, update to a version that addresses the authentication bypass issue. As a temporary workaround, consider restricting access to sensitive information and limiting command injection capabilities until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-697

Related Identifiers

CVE-2021-44971

Affected Products

Tenda Ac15

Tenda Ac5

PT-2022-12274 · Tenda · Tenda Ac5+1

CVE-2021-44971

Weakness Enumeration

Related Identifiers

Affected Products

References · 7