Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.3
CVSSv2

CVE-2017-16936

Published: 24/11/2017 Updated: 12/12/2017
CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 294
Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Tenda

Vulnerability Summary

Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated malicious users to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring.

Vulnerable Product Search on Vulmon Subscribe to Product

tenda ac9_firmware us_ac9v1.0br_v15.03.05.14_multi_td01

tenda ac9_firmware ac9_kf_v15.03.05.19\\(6318_\\)_cn

tenda ac15_firmware us_ac15v1.0br_v15.03.05.18_multi_td01

tenda ac15_firmware us_ac15v1.0br_v15.03.05.19_multi_td01

tenda ac18_firmware us_ac18v1.0br_v15.03.05.05_multi_td01

tenda ac18_firmware ac18_kf_v15.03.05.19\\(6318_\\)_cn

References

CWE-22https://github.com/Iolop/Poc/tree/master/Router/Tendahttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook