Soumettre #608856: Tenda O3V2 1.0.0.12(3880) Remote Command Executioninformation

TitreTenda O3V2 1.0.0.12(3880) Remote Command Execution
DescriptionWe found an Command Injection vulnerability in Tenda router with firmware which was released recently, allows remote attackers to execute arbitrary OS commands from a crafted request.In fromTraceroutGet function, dest is directly passed by the attacker, so we can control the dest to attack the OS.
La source⚠️ https://github.com/wudipjq/my_vuln/blob/main/Tenda3/vuln_48/48.md
Utilisateur
 pjq123 (UID 86618)
Soumission04/07/2025 04:10 (il y a 10 mois)
Modérer10/07/2025 09:49 (6 days later)
StatutAccepté
Entrée VulDB315875 [Tenda O3V2 1.0.0.12(3880) httpd /goform/getTraceroute fromTraceroutGet dest élévation de privilèges]
Points17

PrécédentAperçuSuivant

Want to stay up to date on a daily basis?

Enable the mail alert feature now!