CVE-2022-24170

Name of the Vulnerable Software and Affected Versions Tenda routers G1 and G3 version 15.11.0.17(9502) CN

Description A command injection issue was discovered in the function formSetIpSecTunnel(), allowing attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.

Recommendations For version 15.11.0.17(9502) CN, as a temporary workaround, consider disabling the formSetIpSecTunnel() function until a patch is available. Restrict access to the parameters IPsecLocalNet and IPsecRemoteNet to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.