| Titel | Tenda AC6 V2.0 (AC1206) Firmware US_AC6V2.0RTL_V15.03.06.23_multi_TD01 arbitrary command execution |
|---|
| Beschreibung | A critical arbitrary command execution vulnerability exists in the
formexeCommand function (0x495918) of /bin/httpd in Tenda AC6 V2.0
firmware V15.03.06.23.
The function reads the "cmdinput" parameter via websGetVar() and passes
it directly to doSystemCmd("%s > /tmp/cmdTmp.txt", cmdinput), which
internally calls system(). No input validation is performed.
This allows any authenticated user to execute arbitrary OS commands as
root. The command output is written to /tmp/cmdTmp.txt.
Known CVEs CVE-2024-32283 and CVE-2024-35340 target the same function
name on FH1203 and FH1206 models respectively. AC6 V2.0 (AC1206) is
NOT listed in the affected products of those CVEs. |
|---|
| Quelle | ⚠️ https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/Tenda%20AC6V2%20formexeCommand%20Arbitrary%20Command%20Execution.md |
|---|
| Benutzer | ST4R (UID 96634) |
|---|
| Einreichung | 22.04.2026 09:40 (vor 2 Monaten) |
|---|
| Moderieren | 10.05.2026 17:02 (18 days later) |
|---|
| Status | Duplikat |
|---|
| VulDB Eintrag | 296523 [Tenda AC6 15.03.05.16 formexeCommand cmdinput erweiterte Rechte] |
|---|
| Punkte | 0 |
|---|