CVE-2017-16923
8.8
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.
Affected (6)
Products: Tenda: Ac9 Firmware, Ac15 Firmware, Ac18 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version us_ac9v1.0br_v15.03.05.14_multi_td01 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version ac9_kf_v15.03.05.19(6318_)_cn |
| Running on/with | Platform Versions |
|---|---|
Tenda Ac9 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version us_ac15v1.0br_v15.03.05.18_multi_td01 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version us_ac15v1.0br_v15.03.05.19_multi_td01 |
| Running on/with | Platform Versions |
|---|---|
Tenda Ac15 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version us_ac18v1.0br_v15.03.05.05_multi_td01 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version ac18_kf_v15.03.05.19(6318_)_cn |
| Running on/with | Platform Versions |
|---|---|
Tenda Ac18 | All versions |
References (2)
Source: cve@mitre.org
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Timeline
No history available yet.