CVE-2022-24170: Command Injection
First published: Fri Feb 04 2022(Updated: )
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tendacn G1 Firmware | =15.11.0.17\(9502\)_cn | |
| Tendacn G1 | ||
| Tendacn G3 Firmware | =15.11.0.17\(9502\)_cn | |
| Tendacn G3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Tenda router issue?
The vulnerability ID for this Tenda router issue is CVE-2022-24170.
What is the severity level of CVE-2022-24170?
The severity level of CVE-2022-24170 is critical, with a score of 9.8.
Which Tenda routers are affected by CVE-2022-24170?
Tenda routers G1 and G3 v15.11.0.17(9502)_CN are affected by CVE-2022-24170.
How can attackers exploit CVE-2022-24170?
Attackers can exploit CVE-2022-24170 by executing arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.
Is there a fix available for CVE-2022-24170?
At the moment, there is no information available about a fix for CVE-2022-24170. It is recommended to follow vendor advisories for updates and patches.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tendacn
- canonical/tendacn g1 firmware
- version/tendacn g1 firmware/15.11.0.17\(9502\)_cn
- canonical/tendacn g1
- canonical/tendacn g3 firmware
- version/tendacn g3 firmware/15.11.0.17\(9502\)_cn
- canonical/tendacn g3