A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
History

Fri, 01 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac1206
Weaknesses CWE-78
CPEs cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*
Vendors & Products Tenda ac1206

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda ac1206 Firmware
CPEs cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda ac1206 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 10 Oct 2024 15:45:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Tenda AC1206 ate ate_ifconfig_set command injection
Weaknesses CWE-77
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-10-10T15:31:06.625Z

Updated: 2024-10-10T17:46:05.897Z

Reserved: 2024-10-10T07:23:14.015Z

Link: CVE-2024-9793

cve-icon Vulnrichment

Updated: 2024-10-10T17:45:56.690Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-10T16:15:09.080

Modified: 2024-11-01T14:36:02.277

Link: CVE-2024-9793

cve-icon Redhat

No data.