CVE-2021-45401: Command Injection
First published: Fri Feb 18 2022(Updated: )
A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality. The vulnerability is caused because the client controlled "deviceName" value is passed directly to the "doSystemCmd" function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tendacn Ac10u Firmware | =15.03.06.49_multi | |
| Tendacn Ac10u | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this command injection vulnerability?
The vulnerability ID for this command injection vulnerability is CVE-2021-45401.
What is the affected software?
The affected software is Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi.
What is the severity of CVE-2021-45401?
The severity of CVE-2021-45401 is critical with a CVSS score of 9.8.
How does this vulnerability occur?
This vulnerability occurs due to a command injection in the setUsbUnload functionality, where a client-controlled value is passed directly to the doSystemCmd function.
Is there a fix available for this vulnerability?
There is no information available about a fix for this vulnerability. It is recommended to contact the vendor for further information.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/tendacn
- canonical/tendacn ac10u firmware
- version/tendacn ac10u firmware/15.03.06.49_multi
- canonical/tendacn ac10u
- version/tendacn ac10u/1.0