PT-2022-19714 · Tenda · Tenda Tx9 Pro

Published

2022-05-05

Updated

2022-05-13

CVE-2022-29592

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tenda TX9 Pro version 22.03.02.10

Description The issue allows OS command injection via the set route function, which is called by doSystemCmd route. This enables potential attackers to inject commands into the operating system, posing a significant security risk.

Recommendations For Tenda TX9 Pro version 22.03.02.10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2022-29592

Affected Products

Tenda Tx9 Pro

PT-2022-19714 · Tenda · Tenda Tx9 Pro

CVE-2022-29592

Weakness Enumeration

Related Identifiers

Affected Products

References · 4