PT-2023-7591 · Tenda · Tenda It7-Pcs+3
Feixincheng
+1
·
Published
2023-02-27
·
Updated
2023-12-31
·
CVE-2023-23080
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Tenda CP7 versions V11.10.00.2211041403 and earlier
Tenda CP3 v.10 versions V20220906024 2025 and earlier
Tenda IT7-PCS versions V2209020914 and earlier
Tenda IT7-LCS versions V2209020914 and earlier
Tenda IT7-PRS versions V2209020908 and earlier
Description
The issue is related to command injection, which can allow a remote attacker to execute arbitrary commands. This is due to the lack of data cleaning measures at the management level.
Recommendations
For Tenda CP7 versions V11.10.00.2211041403 and earlier, update to a version later than V11.10.00.2211041403.
For Tenda CP3 v.10 versions V20220906024 2025 and earlier, update to a version later than V20220906024 2025.
For Tenda IT7-PCS versions V2209020914 and earlier, update to a version later than V2209020914.
For Tenda IT7-LCS versions V2209020914 and earlier, update to a version later than V2209020914.
For Tenda IT7-PRS versions V2209020908 and earlier, update to a version later than V2209020908.
As a temporary workaround, consider restricting access to the affected devices until a patch is available.
Exploit
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Cp3
Tenda Cp7
Tenda It7-Lcs
Tenda It7-Pcs