Vulnerability Details CVE-2018-16334
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.12
EPSS Ranking 93.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2018-16334
-
cpe:2.3:h:tendacn:ac10:-
-
cpe:2.3:h:tendacn:ac9:-
-
cpe:2.3:o:tendacn:ac10_firmware:-
-
cpe:2.3:o:tendacn:ac10_firmware:15.03.06.23
-
cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19