First published: Tue Apr 16 2024(Updated: )
A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260914 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tenda W30e Firmware | ||
All of | ||
Tenda W30e Firmware | =1.0.1.25\(633\) | |
Tenda W30e Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-3880 is classified as a critical vulnerability.
CVE-2024-3880 affects the formWriteFacMac function allowing for OS command injection through remote manipulation of the MAC argument.
Yes, CVE-2024-3880 can be exploited remotely.
To address CVE-2024-3880, update the firmware of the Tenda W30E to the latest version provided by the manufacturer.
Exploitation of CVE-2024-3880 could allow an attacker to execute arbitrary OS commands on the vulnerable device.