Tenda AC10 httpd formAddMacfilterRule os command injection

A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Tenda AC10 操作系统命令注入漏洞

Tenda AC10是中国腾达（Tenda）公司的一款无线路由器。 Tenda AC10 16.03.10.10_multi_TDE01版本存在操作系统命令注入漏洞，该漏洞源于文件/bin/httpd中formAddMacfilterRule函数存在OS命令注入。

N/A

N/A