| Title | Tenda AC7 1200M large household 11ac dual-band wireless router V15.03.06.44 Command injection |
|---|
| Description | An issue was found in Tenda AC7 V1.0_V15.03.06.44 device: The tendatelnet function handles requests in http without proper handling of the lan_ip parameter and is subsequently concatenated directly with the doSystem system-level function. This can lead to command injection vulnerabilities and can also cause shell metacharacters to be enabled, for example, an attacker may use telnet to remotely access the attacked device. |
|---|
| Source | ⚠️ https://github.com/Raining-101/IOT_cve/blob/main/Tenda%20a7%20V15.03.06.44%20Command%20injection.md |
|---|
| User | Raining101 (UID 81770) |
|---|
| Submission | 02/20/2025 14:17 (1 Year ago) |
|---|
| Moderation | 03/01/2025 15:32 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 298092 [Tenda AC7 1200M 15.03.06.44 /goform/telnet TendaTelnet lan_ip os command injection] |
|---|
| Points | 20 |
|---|