CVE-2024-46628

Name of the Vulnerable Software and Affected Versions: Tenda G3 Router firmware version 15.03.05.05

Description: The issue is related to a remote code execution vulnerability in the Tenda G3 Router firmware. This vulnerability can be exploited via the usbPartitionName parameter in the formSetUSBPartitionUmount function, allowing a remote attacker to execute arbitrary commands. The vulnerability is associated with a lack of sanitization of special elements.

Recommendations: For Tenda G3 Router firmware version 15.03.05.05, as a temporary workaround, consider disabling the formSetUSBPartitionUmount function until a patch is available. Restrict access to the usbPartitionName parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.