Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Shenzhen Tenda产品命令注入漏洞
Vulnerability Description
Shenzhen Tenda Ac9等都是中国腾达(Tenda)公司的无线路由器产品。app_data_center是其中的一个应用数据中心。 多款Shenzhen Tenda产品中的app_data_center存在命令注入漏洞,该漏洞源于‘sub_A6E8 usbeject_process_entry’函数使用不可信的输入执行系统功能。远程攻击者可通过发送特制的cgi-bin/luci/usbeject?dev_name= GET请求利用该漏洞执行任意的操作系统命令。以下版本受到影响:Shenzhen
CVSS Information
N/A
Vulnerability Type
N/A