PT-2024-9598 · Tenda · Tenda G3

Published: 2024-09-30 · Updated: 2024-11-14 · CVE-2024-50852

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tenda G3 version 3.0 v15.11.0.20

Description

The issue is related to the formSetUSBPartitionUmount function of the Tenda G3 wireless access point's firmware, which fails to neutralize special elements when processing the usbPartitionName parameter. This can be exploited by a remote attacker to execute arbitrary commands by sending a specially crafted POST request.

Recommendations

For Tenda G3 version 3.0 v15.11.0.20, consider disabling the formSetUSBPartitionUmount function until a patch is available to prevent potential command injection attacks. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the usbPartitionName parameter in the affected API endpoint until the issue is resolved.

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-11307
CVE-2024-50852

Affected Products

Tenda G3