| 제목 | Tenda AC6 V15.03.05.19 Command Injection |
|---|
| 설명 | The parameter mac in the function formWriteFacMac is concatenated and causes the execution of a system command. the front-end is calling an API endpoint named WriteFacMac, which is likely a GET request that sends a MAC address to the server. |
|---|
| 원천 | ⚠️ https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md |
|---|
| 사용자 | theRaz0r (UID 76937) |
|---|
| 제출 | 2024. 10. 31. PM 12:47 (1 년도 ago) |
|---|
| 모더레이션 | 2024. 11. 01. PM 06:01 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 282865 [Tenda AC6 15.03.05.19 API Endpoint /goform/WriteFacMac formWriteFacMac mac 권한 상승] |
|---|
| 포인트들 | 16 |
|---|