PT-2022-20111 · Tenda Technology Co. · Tenda Hg6

Gjoko Krstic · Published 2022-05-27 · Updated 2022-06-10 · CVE-2022-30425

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Tenda Technology Co., Ltd HG6 version 3.3.0-210926

Description

A command injection issue was discovered, which can be exploited through crafted POST requests. The vulnerability is related to the pingAddr and traceAddr parameters.

Recommendations

For version 3.3.0-210926, avoid using the pingAddr and traceAddr parameters in affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the vulnerable parameters to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-30425

Affected Products

Tenda Hg6