| タイトル | Tenda AC7 1200M large household 11ac dual-band wireless router V15.03.06.44 Command injection |
|---|
| 説明 | An issue was found in Tenda AC7 V1.0_V15.03.06.44 device: The tendatelnet function handles requests in http without proper handling of the lan_ip parameter and is subsequently concatenated directly with the doSystem system-level function. This can lead to command injection vulnerabilities and can also cause shell metacharacters to be enabled, for example, an attacker may use telnet to remotely access the attacked device. |
|---|
| ソース | ⚠️ https://github.com/Raining-101/IOT_cve/blob/main/Tenda%20a7%20V15.03.06.44%20Command%20injection.md |
|---|
| ユーザー | Raining101 (UID 81770) |
|---|
| 送信 | 2025年02月20日 14:17 (1 年 ago) |
|---|
| モデレーション | 2025年03月01日 15:32 (9 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 298092 [Tenda AC7 1200M 15.03.06.44 /goform/telnet TendaTelnet lan_ip 特権昇格] |
|---|
| ポイント | 20 |
|---|