An issue exists on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tendacn ac10_firmware |
||
tendacn ac9_firmware 15.03.05.19 |