CVE-2019-16213: OS Command Injection
First published: Thu Jun 25 2020(Updated: )
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tendacn Pa6 Firmware | =1.0.1.21 | |
| Tendacn Pa6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-16213?
CVE-2019-16213 is a vulnerability in the Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 that could allow a remote authenticated attacker to execute arbitrary commands on the system.
What is the severity of CVE-2019-16213?
CVE-2019-16213 has a severity rating of 8.8 (Critical).
How does the vulnerability in the Tenda PA6 Wi-Fi Powerline extender occur?
The vulnerability in the Tenda PA6 Wi-Fi Powerline extender occurs when a remote authenticated attacker sends a specially crafted string to modify the device name of an attached PLC adapter, allowing them to inject and execute arbitrary commands on the system.
Which version of Tendacn Pa6 Firmware is affected by CVE-2019-16213?
Tendacn Pa6 Firmware version 1.0.1.21 is affected by CVE-2019-16213.
Is Tendacn Pa6 affected by CVE-2019-16213?
No, Tendacn Pa6 is not affected by CVE-2019-16213.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tendacn
- canonical/tendacn pa6 firmware
- version/tendacn pa6 firmware/1.0.1.21
- canonical/tendacn pa6