Submit #608856: Tenda O3V2 1.0.0.12(3880) Remote Command Executioninfo

TitelTenda O3V2 1.0.0.12(3880) Remote Command Execution
BeschreibungWe found an Command Injection vulnerability in Tenda router with firmware which was released recently, allows remote attackers to execute arbitrary OS commands from a crafted request.In fromTraceroutGet function, dest is directly passed by the attacker, so we can control the dest to attack the OS.
Quelle⚠️ https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_48/48.md
Benutzer
 pjq123 (UID 86618)
Einreichung04.07.2025 04:10 (vor 10 Monaten)
Moderieren10.07.2025 09:49 (6 days later)
StatusAkzeptiert
VulDB Eintrag315875 [Tenda O3V2 1.0.0.12(3880) httpd /goform/getTraceroute fromTraceroutGet dest erweiterte Rechte]
Punkte17

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!