CVE-2022-24165: Command Injection
First published: Fri Feb 04 2022(Updated: )
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tendacn G1 Firmware | =15.11.0.17\(9502\)_cn | |
| Tendacn G1 | ||
| Tendacn G3 Firmware | =15.11.0.17\(9502\)_cn | |
| Tendacn G3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-24165?
The severity of CVE-2022-24165 is critical with a score of 9.8.
How does CVE-2022-24165 affect Tenda routers G1 and G3?
CVE-2022-24165 affects Tenda routers G1 and G3 by allowing attackers to execute arbitrary commands via the qvlanIP parameter.
What is the vulnerability in Tenda routers G1 and G3 related to CVE-2022-24165?
The vulnerability in Tenda routers G1 and G3 related to CVE-2022-24165 is a command injection vulnerability in the function formSetQvlanList.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/event
- vendor/tendacn
- canonical/tendacn g1 firmware
- version/tendacn g1 firmware/15.11.0.17\(9502\)_cn
- canonical/tendacn g1
- canonical/tendacn g3 firmware
- version/tendacn g3 firmware/15.11.0.17\(9502\)_cn
- canonical/tendacn g3