Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2021-27692

Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doSystemCmd" function with untrusted input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Products affected by CVE-2021-27692
  • Tendacn » G1 » Version: N/A
    cpe:2.3:h:tendacn:g1:-
  • Tendacn » G3 » Version: N/A
    cpe:2.3:h:tendacn:g3:-
  • Tendacn » G1 Firmware » Version: 15.11.0.16(9024)_cn
    cpe:2.3:o:tendacn:g1_firmware:15.11.0.16(9024)_cn
  • Tendacn » G1 Firmware » Version: 15.11.0.17(9502)_cn
    cpe:2.3:o:tendacn:g1_firmware:15.11.0.17(9502)_cn
  • Tendacn » G3 Firmware » Version: 15.11.0.16(9024)_cn
    cpe:2.3:o:tendacn:g3_firmware:15.11.0.16(9024)_cn
  • Tendacn » G3 Firmware » Version: 15.11.0.17(9502)_cn
    cpe:2.3:o:tendacn:g3_firmware:15.11.0.17(9502)_cn


Products
Pricing
Contact Us

Shodan ® - All rights reserved