CVE-2023-6304

Name of the Vulnerable Software and Affected Versions Tecno 4G Portable WiFi TR118 version TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830

Description A critical issue has been identified, affecting the Ping Tool component, specifically the /goform/goform get cmd process file. The url argument is vulnerable to os command injection, which can be exploited remotely. The issue has been publicly disclosed.

Recommendations For version TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830, as a temporary workaround, consider restricting access to the Ping Tool component, specifically the /goform/goform get cmd process file, to minimize the risk of exploitation. Avoid using the url argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.