CVE-2024-9793

Name of the Vulnerable Software and Affected Versions Tenda AC1206 versions up to 15.03.06.23

Description The issue is related to the ate iwpriv set() and ate ifconfig set() functions in the /goform/ate file of the Tenda AC1206 router's firmware. It allows for command injection due to inadequate data sanitization on the management level. This can be exploited by a remote attacker to execute arbitrary commands. The attack can be initiated remotely.

Recommendations For Tenda AC1206 versions up to 15.03.06.23, restrict access to the admin interfaces and consider disabling the ate iwpriv set() and ate ifconfig set() functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.