CVE-2024-30645 in AC15V1.0
Summary
by MITRE • 03/29/2024
Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/26/2026
The Tenda AC15V1.0 V15.03.20_multi router firmware contains a critical command injection vulnerability that arises from improper input validation within the deviceName parameter handling mechanism. This flaw exists in the web interface administration component where user-supplied data is directly concatenated into system commands without adequate sanitization or escaping. The vulnerability stems from a classic lack of proper input validation and output encoding, creating an environment where malicious actors can inject arbitrary commands that execute with the privileges of the web server process. The affected parameter deviceName is used in the context of device identification and configuration management, making it a prime target for exploitation during routine administrative tasks or network configuration processes. This vulnerability represents a significant security risk as it allows unauthorized users to execute arbitrary code on the affected device, potentially leading to complete system compromise.
The technical implementation of this command injection flaw occurs when the deviceName parameter is processed within the router's web application layer. Attackers can manipulate this parameter to inject shell commands that bypass normal input validation checks, exploiting the underlying assumption that all user input will be properly formatted and safe for execution. The vulnerability is classified as CWE-77 according to the Common Weakness Enumeration catalog, which specifically addresses command injection flaws where untrusted data is incorporated into command execution contexts. The attack vector involves sending specially crafted HTTP requests containing malicious payloads in the deviceName field, which when processed by the vulnerable firmware, results in arbitrary command execution on the underlying operating system. This type of vulnerability is particularly dangerous in network infrastructure devices as it can be exploited remotely without authentication, allowing attackers to gain persistent access to the network.
The operational impact of this vulnerability extends far beyond simple command execution, as it provides attackers with complete control over the affected router's functionality and network access. Successful exploitation can lead to network reconnaissance activities, port forwarding configuration changes, DNS server modifications, and potential lateral movement within the local network. The compromised device can serve as a pivot point for attacking other networked systems or as a persistent backdoor for ongoing access. From an attacker perspective, this vulnerability aligns with the MITRE ATT&CK framework under the technique T1059.001 for Command and Scripting Interpreter, specifically targeting the execution of commands through the web interface. The vulnerability also maps to T1566.001 for Phishing, as attackers might use this flaw to create malicious network configurations that appear legitimate to network administrators.
Mitigation strategies for this vulnerability require immediate firmware updates from Tenda to address the input validation shortcomings and implement proper command escaping mechanisms. Network administrators should consider implementing network segmentation and access controls to limit exposure of administrative interfaces to untrusted networks. Additionally, monitoring network traffic for suspicious command execution patterns and implementing web application firewalls can help detect and prevent exploitation attempts. The vulnerability highlights the importance of input validation and proper sanitization in network device firmware, emphasizing that all user-supplied data must be treated as potentially malicious. Organizations should also conduct regular vulnerability assessments of their network infrastructure to identify similar issues in other devices and ensure proper patch management procedures are in place. The remediation process should include not only updating the firmware but also reviewing and strengthening the overall security posture of network devices to prevent similar command injection vulnerabilities from being introduced in future implementations.