CVE-2021-45401
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
18/02/2022
Last modified:
28/02/2022
Description
A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality. The vulnerability is caused because the client controlled "deviceName" value is passed directly to the "doSystemCmd" function.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi:*:*:*:*:*:*:* | ||
cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page