CVE-2024-10697 in AC6
Summary
by MITRE • 11/02/2024
A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 04/05/2025
The vulnerability identified as CVE-2024-10697 represents a critical command injection flaw in Tenda AC6 routers running firmware version 15.03.05.19. This vulnerability resides within the device's web interface API endpoint, specifically in the formWriteFacMac function located at /goform/WriteFacMac. The issue stems from inadequate input validation and sanitization within the router's firmware, creating a dangerous pathway for malicious actors to execute arbitrary commands on the affected device. The vulnerability's classification as critical reflects the severe implications of unauthorized command execution on network infrastructure devices.
The technical exploitation of this vulnerability occurs through manipulation of the argument parameter within the API endpoint, allowing attackers to inject malicious commands that are subsequently executed with the privileges of the web server process. This command injection flaw enables attackers to gain unauthorized access to the router's underlying operating system, potentially leading to complete device compromise. The vulnerability's remote attack vector means that exploitation can occur without physical access to the device, making it particularly dangerous for network administrators who may not be aware of the compromised devices within their network infrastructure. The public disclosure of exploit details further amplifies the risk, as malicious actors can readily implement the attack without requiring advanced technical skills.
The operational impact of this vulnerability extends beyond simple device compromise, as compromised routers can serve as entry points for broader network infiltration attacks. Attackers may use the compromised device as a pivot point to launch attacks against other networked systems, potentially leading to data breaches, network disruption, or the installation of persistent backdoors. The vulnerability affects the router's factory MAC address functionality, which could be exploited to modify network identifiers and potentially evade network monitoring systems. This type of vulnerability directly aligns with CWE-77 and CWE-94, which specifically address command injection and code injection flaws respectively, and corresponds to ATT&CK techniques such as T1059.001 for command and script injection and T1021.001 for remote services.
Organizations should immediately implement mitigations including firmware updates from Tenda, network segmentation to isolate affected devices, and network monitoring to detect anomalous traffic patterns that may indicate exploitation attempts. The vulnerability underscores the importance of regular firmware updates and security assessments for network infrastructure devices. Network administrators should also consider implementing firewall rules to restrict access to the affected API endpoints and monitor for suspicious command execution patterns. Additionally, the vulnerability highlights the need for secure coding practices in embedded systems and the importance of input validation and sanitization in web applications. The public disclosure of this exploit emphasizes the urgency of remediation efforts, as the window for exploitation remains open while affected devices remain unpatched.