PT-2024-24480 · Tenda · Tenda Ac7

Published

2024-04-17

Updated

2025-03-17

CVE-2024-32281

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tenda AC7V1.0 version 15.03.06.44

Description The issue is a command injection vulnerability in the formexeCommand function via the cmdinput parameter. This vulnerability is remotely exploitable. There are no known exploits at this time.

Recommendations For Tenda AC7V1.0 version 15.03.06.44, patch immediately to address the command injection vulnerability in the formexeCommand function. Additionally, review the code for input validation gaps to prevent similar issues. As a temporary workaround, consider restricting access to the formexeCommand function until a patch is available. Check for unauthorized access after applying the patch.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2024-32281

Affected Products

Tenda Ac7

PT-2024-24480 · Tenda · Tenda Ac7

CVE-2024-32281

Weakness Enumeration

Related Identifiers

Affected Products

References · 7