PT-2022-19078 · Tenda · Tenda Ac15
Published: 2022-05-04 · Updated: 2023-08-08 · CVE-2022-28557
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Tenda AC15 version US AC15V1.0BR V15.03.05.20 multi TDE01.bin
Description
The issue is a command injection vulnerability in the /goform/setsambacfg interface of the device's web interface. This vulnerability can potentially lead to arbitrary command execution when combined with other vulnerabilities.
Recommendations
For Tenda AC15 version US AC15V1.0BR V15.03.05.20 multi TDE01.bin, as a temporary workaround, consider restricting access to the /goform/setsambacfg interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Ac15