Impact
The vulnerability resides in the sub_425A28 function of /goform/DelFil within the Tenda 4G300 firmware. By manipulating the delflag argument, an attacker can inject arbitrary shell commands, resulting in remote command execution. This weakness is identified by CWE-74 and CWE-77, indicating uncontrolled format string and command injection vulnerabilities.
Affected Systems
Affected devices are Tenda 4G300 Router models running unspecified firmware versions.
Risk and Exploitability
The CVSS score of 5.3 indicates a moderate severity. The EPSS score of 0.01314 indicates a very low but possible chance of exploitation, and the vulnerability is not listed in CISA KEV. A public exploit exists, meaning an attacker can issue a request to the vulnerable endpoint from the internet. The attack vector is remote, requiring network access to the router.
OpenCVE Enrichment