Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tenda G300-F Command Injection via formSetWanDiag
Vulnerability Description
Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality (formSetWanDiag). The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without adequate neutralization. As a result, a remote attacker with access to the affected management interface can inject additional shell syntax and execute arbitrary commands on the device with the privileges of the management process.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Tenda G300-F 操作系统命令注入漏洞
Vulnerability Description
Tenda G300-F是中国腾达(Tenda)公司的一个VPN路由器。 Tenda G300-F 16.01.14.2及之前版本存在操作系统命令注入漏洞,该漏洞源于WAN诊断功能中存在OS命令注入,可能导致执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A