PT-2023-8323 · Tenda · Tenda W9

Gd@Hillstone · Published 2023-12-26 · Updated 2023-12-30 · CVE-2023-51098

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Tenda W9 version 1.0.0.7(4456) CN

Description

The formSetDiagnoseInfo function in the Tenda W9 wireless access point's firmware does not neutralize special elements, which results in a command injection vulnerability. This can allow a remote attacker to execute arbitrary code.

Recommendations

For Tenda W9 version 1.0.0.7(4456) CN, as a temporary workaround, consider disabling the formSetDiagnoseInfo function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2024-00437
CVE-2023-51098

Affected Products

Tenda W9