| Title | Tenda AC6 V2.0 (AC1206) Firmware US_AC6V2.0RTL_V15.03.06.23_multi_TD01 arbitrary command execution |
|---|---|
| Description | A critical arbitrary command execution vulnerability exists in the formexeCommand function (0x495918) of /bin/httpd in Tenda AC6 V2.0 firmware V15.03.06.23. The function reads the "cmdinput" parameter via websGetVar() and passes it directly to doSystemCmd("%s > /tmp/cmdTmp.txt", cmdinput), which internally calls system(). No input validation is performed. This allows any authenticated user to execute arbitrary OS commands as root. The command output is written to /tmp/cmdTmp.txt. Known CVEs CVE-2024-32283 and CVE-2024-35340 target the same function name on FH1203 and FH1206 models respectively. AC6 V2.0 (AC1206) is NOT listed in the affected products of those CVEs. |
| Source | ⚠️ https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/Tenda%20AC6V2%20formexeCommand%20Arbitrary%20Command%20Execution.md |
| User | ST4R (UID 96634) |
| Submitted | 2026-04-22 09:40 (2 months ago) |
| Moderated | 2026-05-10 17:02 (18 days later) |
| Status | Duplicate |
| VulDB entry | 296523 [Tenda AC6 15.03.05.16 formexeCommand cmdinput privilege escalation] |
| Points | 0 |
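
The pattern in the description, as an added C example that is not Tenda's code or the submitter's: `build_shell_line` reproduces the described format string to show what text a shell would receive (nothing is executed), and `lookup_diag` is a hypothetical hardened alternative in which the parameter only selects a fixed argv by exact name. The allowlist names, binary paths and sample inputs are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Pattern from the description: the request parameter is formatted
 * straight into a line that is later handed to system(). Shown here
 * only as string construction; nothing is executed. */
int build_shell_line(char *out, size_t n, const char *cmdinput)
{
    return snprintf(out, n, "%s > /tmp/cmdTmp.txt", cmdinput);
}

/* Hypothetical hardened design: the parameter selects one of a few
 * fixed diagnostics by exact name. The argv is constant and meant for
 * fork() + execv(), so no shell ever parses request data.
 * Names and paths below are assumptions for this example. */
struct diag {
    const char *name;
    const char *argv[3];
};

static const struct diag DIAGS[] = {
    { "uptime",   { "/usr/bin/uptime", NULL,  NULL } },
    { "ifconfig", { "/sbin/ifconfig",  "br0", NULL } },
};

const char *const *lookup_diag(const char *cmdinput)
{
    size_t i;
    if (cmdinput == NULL)
        return NULL;
    for (i = 0; i < sizeof(DIAGS) / sizeof(DIAGS[0]); i++)
        if (strcmp(cmdinput, DIAGS[i].name) == 0)
            return DIAGS[i].argv;
    return NULL; /* anything else, metacharacters included, is rejected */
}

int main(void)
{
    /* Constructed sample values, not taken from the page. */
    const char *samples[] = { "uptime", "uptime; echo x", "ifconfig" };
    char line[128];
    size_t i;
    for (i = 0; i < 3; i++) {
        build_shell_line(line, sizeof line, samples[i]);
        printf("%-16s sh sees: %-36s allowlist: %s\n", samples[i], line,
               lookup_diag(samples[i]) ? "accept" : "reject");
    }
    return 0;
}
```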