CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-45401

A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality. The vulnerability is caused because the client controlled "deviceName" value is passed directly to the "doSystemCmd" function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.121

EPSS Ranking 93.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/Tenda_AC10U_command_injection_RCE.pdf
https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/Tenda_AC10U_command_injection_RCE.pdf

Products affected by CVE-2021-45401

Tendacn » Ac10u » Version: 1.0

cpe:2.3:h:tendacn:ac10u:1.0
Tendacn » Ac10u Firmware » Version: 15.03.06.49_multi

cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-45401

Products

Pricing

Contact Us