| Título | Tenda AC6 V2.0 (AC1206) Firmware US_AC6V2.0RTL_V15.03.06.23_multi_TD01 arbitrary command execution |
|---|
| Descrição | A critical arbitrary command execution vulnerability exists in the
formexeCommand function (0x495918) of /bin/httpd in Tenda AC6 V2.0
firmware V15.03.06.23.
The function reads the "cmdinput" parameter via websGetVar() and passes
it directly to doSystemCmd("%s > /tmp/cmdTmp.txt", cmdinput), which
internally calls system(). No input validation is performed.
This allows any authenticated user to execute arbitrary OS commands as
root. The command output is written to /tmp/cmdTmp.txt.
Known CVEs CVE-2024-32283 and CVE-2024-35340 target the same function
name on FH1203 and FH1206 models respectively. AC6 V2.0 (AC1206) is
NOT listed in the affected products of those CVEs. |
|---|
| Fonte | ⚠️ https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/Tenda%20AC6V2%20formexeCommand%20Arbitrary%20Command%20Execution.md |
|---|
| Utilizador | ST4R (UID 96634) |
|---|
| Submissão | 22/04/2026 09h40 (há 1 mês) |
|---|
| Moderação | 10/05/2026 17h02 (18 days later) |
|---|
| Estado | Duplicado |
|---|
| Entrada VulDB | 296523 [Tenda AC6 15.03.05.16 formexeCommand cmdinput Elevação de Privilégios] |
|---|
| Pontos | 0 |
|---|