Tenda AC15 15.03.05.18/15.03.20_multi /goform/setsambacfg formSetSambaConf usbName os command injection

EntryHistoryjsonxmlCTI

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The CWE definition for the vulnerability is CWE-78. The weakness was published 03/23/2024. It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2024-2851. It is possible to initiate the attack remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1202 according to MITRE ATT&CK. It is declared as proof-of-concept. The exploit is shared for download at github.com. We expect the 0-day to have been worth approximately $0-$5k. The vendor was contacted early about this disclosure but did not respond in any way. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field	03/23/2024 06:51	05/04/2024 09:30	05/04/2024 09:33
vendor	Tenda	Tenda	Tenda
name	AC15	AC15	AC15
version	15.03.05.18/15.03.20_multi	15.03.05.18/15.03.20_multi	15.03.05.18/15.03.20_multi
file	/goform/setsambacfg	/goform/setsambacfg	/goform/setsambacfg
function	formSetSambaConf	formSetSambaConf	formSetSambaConf
argument	usbName	usbName	usbName
cwe	78 (os command injection)	78 (os command injection)	78 (os command injection)
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md
availability	1	1	1
publicity	1	1	1
url	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md
cve	CVE-2024-2851	CVE-2024-2851	CVE-2024-2851
responsible	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
date	1711148400 (03/23/2024)	1711148400 (03/23/2024)	1711148400 (03/23/2024)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	7.5
cvss3_meta_tempscore	5.7	5.7	7.3
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1711148400 (03/23/2024)	1711148400 (03/23/2024)
cve_nvd_summary		A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			6.5
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			6.3

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!