| 제목 | Tenda AC7 1200M large household 11ac dual-band wireless router V15.03.06.44 Command injection |
|---|
| 설명 | An issue was found in Tenda AC7 V1.0_V15.03.06.44 device: The tendatelnet function handles requests in http without proper handling of the lan_ip parameter and is subsequently concatenated directly with the doSystem system-level function. This can lead to command injection vulnerabilities and can also cause shell metacharacters to be enabled, for example, an attacker may use telnet to remotely access the attacked device. |
|---|
| 원천 | ⚠️ https://github.com/Raining-101/IOT_cve/blob/main/Tenda%20a7%20V15.03.06.44%20Command%20injection.md |
|---|
| 사용자 | Raining101 (UID 81770) |
|---|
| 제출 | 2025. 02. 20. PM 02:17 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 01. PM 03:32 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 298092 [Tenda AC7 1200M 15.03.06.44 /goform/telnet TendaTelnet lan_ip 권한 상승] |
|---|
| 포인트들 | 20 |
|---|