| عنوان | Tenda AC7 1200M large household 11ac dual-band wireless router V15.03.06.44 Command injection |
|---|
| الوصف | An issue was found in Tenda AC7 V1.0_V15.03.06.44 device: The tendatelnet function handles requests in http without proper handling of the lan_ip parameter and is subsequently concatenated directly with the doSystem system-level function. This can lead to command injection vulnerabilities and can also cause shell metacharacters to be enabled, for example, an attacker may use telnet to remotely access the attacked device. |
|---|
| المصدر | ⚠️ https://github.com/Raining-101/IOT_cve/blob/main/Tenda%20a7%20V15.03.06.44%20Command%20injection.md |
|---|
| المستخدم | Raining101 (UID 81770) |
|---|
| ارسال | 20/02/2025 02:17 PM (1 سنة منذ) |
|---|
| الاعتدال | 01/03/2025 03:32 PM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 298092 [Tenda AC7 1200M 15.03.06.44 /goform/telnet TendaTelnet lan_ip تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|