CVE-2021-27691: Buffer Overflow
First published: Thu Apr 15 2021(Updated: )
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" function executes glibc's system function with untrusted input.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tendacn G0 Firmware | =15.11.0.5\(5876\)_cn | |
| Tendacn G0 Firmware | =15.11.0.6\(9039\)_cn | |
| Tendacn G0 | ||
| Tendacn G1 Firmware | =15.11.0.16\(9024\)_cn | |
| Tendacn G1 Firmware | =15.11.0.17\(9502\)_cn | |
| Tendacn G1 | ||
| Tendacn G3 Firmware | =15.11.0.16\(9024\)_cn | |
| Tendacn G3 Firmware | =15.11.0.17\(9502\)_cn | |
| Tendacn G3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-27691?
CVE-2021-27691 is classified as a high severity vulnerability due to its potential for remote exploitation and execution of arbitrary commands.
How do I fix CVE-2021-27691?
To fix CVE-2021-27691, update the firmware on your Tenda G0, G1, or G3 routers to the latest versions provided by Tenda.
Which router models are affected by CVE-2021-27691?
CVE-2021-27691 affects Tenda G0 routers with firmware versions 15.11.0.5(5876)_CN and 15.11.0.6(9039)_CN, as well as Tenda G1 and G3 routers with specific firmware versions.
Can CVE-2021-27691 be exploited remotely?
Yes, CVE-2021-27691 can be exploited remotely, allowing attackers to execute arbitrary OS commands.
What types of commands can be executed due to CVE-2021-27691?
Due to CVE-2021-27691, attackers can execute arbitrary OS commands on the vulnerable routers, potentially compromising their integrity and security.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/tendacn
- canonical/tendacn g0 firmware
- version/tendacn g0 firmware/15.11.0.5\(5876\)_cn
- version/tendacn g0 firmware/15.11.0.6\(9039\)_cn
- canonical/tendacn g0
- canonical/tendacn g1 firmware
- version/tendacn g1 firmware/15.11.0.16\(9024\)_cn
- version/tendacn g1 firmware/15.11.0.17\(9502\)_cn
- canonical/tendacn g1
- canonical/tendacn g3 firmware
- version/tendacn g3 firmware/15.11.0.16\(9024\)_cn
- version/tendacn g3 firmware/15.11.0.17\(9502\)_cn
- canonical/tendacn g3