Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-14558

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.675
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.
Ransomware Campaign
Unknown
Products affected by CVE-2018-14558
  • Tenda » Ac10 » Version: N/A
    cpe:2.3:h:tenda:ac10:-
  • Tenda » Ac7 » Version: N/A
    cpe:2.3:h:tenda:ac7:-
  • Tenda » Ac9 » Version: N/A
    cpe:2.3:h:tenda:ac9:-
  • Tenda » Ac10 Firmware » Version: 15.03.06.23
    cpe:2.3:o:tenda:ac10_firmware:15.03.06.23
  • Tenda » Ac10 Firmware » Version: 15.03.06.23_cn
    cpe:2.3:o:tenda:ac10_firmware:15.03.06.23_cn
  • Tenda » Ac7 Firmware » Version: 1.0
    cpe:2.3:o:tenda:ac7_firmware:1.0
  • Tenda » Ac7 Firmware » Version: 15.03.06.44
    cpe:2.3:o:tenda:ac7_firmware:15.03.06.44
  • Tenda » Ac7 Firmware » Version: 15.03.06.44_cn
    cpe:2.3:o:tenda:ac7_firmware:15.03.06.44_cn
  • Tenda » Ac9 Firmware » Version: 15.03.05.14
    cpe:2.3:o:tenda:ac9_firmware:15.03.05.14
  • Tenda » Ac9 Firmware » Version: 15.03.05.19
    cpe:2.3:o:tenda:ac9_firmware:15.03.05.19
  • Tenda » Ac9 Firmware » Version: 15.03.05.19(6318)
    cpe:2.3:o:tenda:ac9_firmware:15.03.05.19(6318)
  • Tenda » Ac9 Firmware » Version: 15.03.05.19(6318)_cn
    cpe:2.3:o:tenda:ac9_firmware:15.03.05.19(6318)_cn
  • Tenda » Ac9 Firmware » Version: 15.03.2.13
    cpe:2.3:o:tenda:ac9_firmware:15.03.2.13
  • Tenda » Ac9 Firmware » Version: 15.03.2.21
    cpe:2.3:o:tenda:ac9_firmware:15.03.2.21
  • Tenda » Ac9 Firmware » Version: 15.03.2.21_cn
    cpe:2.3:o:tenda:ac9_firmware:15.03.2.21_cn
  • Tenda » Ac9 Firmware » Version: 3.0
    cpe:2.3:o:tenda:ac9_firmware:3.0
  • Tenda » Ac9 Firmware » Version: 5.03.06.42_multi
    cpe:2.3:o:tenda:ac9_firmware:5.03.06.42_multi


Products
Pricing
Contact Us

Shodan ® - All rights reserved