CVE-2018-16334

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
02/09/2018
Last modified:
25/10/2018

Description

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:tendacn:ac10_firmware:*:*:*:*:*:*:*:* 15.03.06.23 (including)
cpe:2.3:h:tendacn:ac10:-:*:*:*:*:*:*:*
cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19:*:*:*:*:*:*:*
cpe:2.3:h:tendacn:ac9:-:*:*:*:*:*:*:*