CVE-2022-45977 in AX12
Summary
by MITRE • 12/12/2022
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/23/2025
The vulnerability identified as CVE-2022-45977 affects the Tenda AX12 wireless router model with firmware version V22.03.01.21_CN, representing a critical command injection flaw within the device's web interface administration functionality. This vulnerability specifically resides within the /goform/setMacFilterCfg function, which handles MAC address filtering configuration settings for network access control. The flaw allows unauthorized remote attackers to execute arbitrary commands on the affected device by manipulating input parameters passed to this function, effectively bypassing the device's intended security controls and authentication mechanisms.
The technical nature of this vulnerability stems from insufficient input validation and sanitization within the web application layer of the router's firmware. When the /goform/setMacFilterCfg endpoint processes user-supplied data, it fails to properly sanitize or escape special characters that could be interpreted as command delimiters or operators by the underlying operating system. This creates a classic command injection attack vector where malicious payloads can be injected directly into system commands executed by the router's embedded operating system, potentially allowing full system compromise through arbitrary code execution.
From an operational impact perspective, this vulnerability presents a severe risk to network security infrastructure as it enables remote code execution without requiring authentication or authorization. An attacker could leverage this flaw to gain full administrative control over the router, potentially leading to man-in-the-middle attacks, network traffic interception, DNS hijacking, or even using the compromised device as a pivot point for attacking other systems within the local network. The vulnerability affects the device's core network filtering functionality, which could be exploited to disable security features or establish persistent backdoors. This type of vulnerability directly impacts the integrity and availability of network services, as attackers could potentially disrupt network operations or gain unauthorized access to sensitive network resources.
The vulnerability aligns with CWE-77 and CWE-78 categories from the Common Weakness Enumeration database, specifically addressing command injection weaknesses in application input handling. From the MITRE ATT&CK framework perspective, this vulnerability maps to techniques such as T1059.001 (Command and Scripting Interpreter: PowerShell) and T1068 (Exploitation for Privilege Escalation) when exploited by threat actors. Organizations should implement immediate mitigations including firmware updates from Tenda's official sources, network segmentation to limit exposure, and monitoring for suspicious traffic patterns related to the affected endpoint. Additionally, network administrators should consider disabling unnecessary web management interfaces, implementing firewall rules to restrict access to the router's administrative ports, and conducting comprehensive vulnerability assessments of all network devices to identify similar weaknesses in other vendor equipment. The vulnerability underscores the importance of secure coding practices and input validation in embedded network devices, particularly those handling administrative functions through web interfaces.