CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-27691

Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" function executes glibc's system function with untrusted input.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.035

EPSS Ranking 87.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

Products affected by CVE-2021-27691

Tendacn » G0 » Version: N/A

cpe:2.3:h:tendacn:g0:-
Tendacn » G1 » Version: N/A

cpe:2.3:h:tendacn:g1:-
Tendacn » G3 » Version: N/A

cpe:2.3:h:tendacn:g3:-
Tendacn » G0 Firmware » Version: 15.11.0.5(5876)_cn

cpe:2.3:o:tendacn:g0_firmware:15.11.0.5(5876)_cn
Tendacn » G0 Firmware » Version: 15.11.0.6(9039)_cn

cpe:2.3:o:tendacn:g0_firmware:15.11.0.6(9039)_cn
Tendacn » G1 Firmware » Version: 15.11.0.16(9024)_cn

cpe:2.3:o:tendacn:g1_firmware:15.11.0.16(9024)_cn
Tendacn » G1 Firmware » Version: 15.11.0.17(9502)_cn

cpe:2.3:o:tendacn:g1_firmware:15.11.0.17(9502)_cn
Tendacn » G3 Firmware » Version: 15.11.0.16(9024)_cn

cpe:2.3:o:tendacn:g3_firmware:15.11.0.16(9024)_cn
Tendacn » G3 Firmware » Version: 15.11.0.17(9502)_cn

cpe:2.3:o:tendacn:g3_firmware:15.11.0.17(9502)_cn

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-27691

Products

Pricing

Contact Us