CVE-2024-50853: Command Injection
First published: Wed Nov 13 2024(Updated: )
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Tendacn G3 Firmware | =15.11.0.20 | |
| Tendacn G3 | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-50853?
CVE-2024-50853 has been classified as a high severity vulnerability due to its command injection potential.
How do I fix CVE-2024-50853?
To fix CVE-2024-50853, you should upgrade Tenda G3 firmware to a version higher than 15.11.0.20.
What impact does CVE-2024-50853 have on Tenda G3?
CVE-2024-50853 allows an attacker to execute arbitrary commands on the Tenda G3 device, potentially compromising the device's integrity.
Is my Tenda G3 device vulnerable if it runs firmware 15.11.0.20?
Yes, Tenda G3 devices running firmware version 15.11.0.20 are vulnerable to CVE-2024-50853.
What functions are affected by CVE-2024-50853?
The command injection vulnerability in CVE-2024-50853 is specifically triggered through the formSetDebugCfg function.
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/source
- vendor/tendacn
- canonical/tendacn g3 firmware
- version/tendacn g3 firmware/15.11.0.20
- canonical/tendacn g3
- version/tendacn g3/3.0