CVE-2018-16334
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
02/09/2018
Last modified:
25/10/2018
Description
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
9.00
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:tendacn:ac10_firmware:*:*:*:*:*:*:*:* | 15.03.06.23 (including) | |
cpe:2.3:h:tendacn:ac10:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19:*:*:*:*:*:*:* | ||
cpe:2.3:h:tendacn:ac9:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page