CVE-2024-10697: Tenda AC6 API Endpoint WriteFacMac formWriteFacMac command injection
First published: Sat Nov 02 2024(Updated: )
A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Tenda AC6 Firmware | =15.03.05.19 | |
| Tenda AC6 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-10697?
CVE-2024-10697 is classified as a critical vulnerability.
How do I fix CVE-2024-10697?
To fix CVE-2024-10697, it is recommended to update the firmware of Tenda AC6 to the latest version that addresses this vulnerability.
What components are affected by CVE-2024-10697?
CVE-2024-10697 affects the API Endpoint, specifically the function formWriteFacMac in the Tenda AC6 firmware version 15.03.05.19.
What type of vulnerability is CVE-2024-10697?
CVE-2024-10697 is a command injection vulnerability.
Who is affected by CVE-2024-10697?
Users of the Tenda AC6 firmware version 15.03.05.19 are affected by CVE-2024-10697.
- agent/weakness
- agent/references
- agent/title
- agent/description
- agent/first-publish-date
- agent/type
- agent/event
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/tenda
- canonical/tenda ac6
- version/tenda ac6/15.03.05.19
- canonical/tenda ac6 firmware