CVE-2018-16334: OS Command Injection
First published: Sun Sep 02 2018(Updated: )
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tendacn Ac10 Firmware | <=15.03.06.23 | |
| Tendacn Ac10 | ||
| Tendacn Ac9 Firmware | =15.03.05.19 | |
| Tendacn Ac9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-16334.
What devices are affected by this vulnerability?
Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices are affected by this vulnerability.
What is the severity of CVE-2018-16334?
The severity of CVE-2018-16334 is critical with a CVSS score of 8.8.
How does the vulnerability occur?
The vulnerability occurs due to the direct use of the mac parameter in a POST request in a doSystemCmd call, causing OS command injection.
Is there a fix available for this vulnerability?
At the moment, there is no information available regarding a fix for this vulnerability. It is recommended to follow the vendor's security advisory for updates.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/tendacn
- canonical/tendacn ac10 firmware
- version/tendacn ac10 firmware/15.03.06.23
- canonical/tendacn ac10
- canonical/tendacn ac9 firmware
- version/tendacn ac9 firmware/15.03.05.19
- canonical/tendacn ac9