Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 24 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac15
CPEs cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*
Vendors & Products Tenda ac15

Tue, 10 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda ac15 Firmware
Weaknesses CWE-77
CPEs cpe:2.3:o:tenda:ac15_firmware:15.03.05.20:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda ac15 Firmware
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 10 Sep 2024 16:15:00 +0000

Type Values Removed Values Added
Description Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-10T19:19:54.168Z

Reserved: 2023-06-21T00:00:00

Link: CVE-2023-36103

cve-icon Vulnrichment

Updated: 2024-09-10T19:19:48.390Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-10T16:15:18.380

Modified: 2024-09-24T18:10:16.207

Link: CVE-2023-36103

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.