CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-24171

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.16

EPSS Ranking 94.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_35/35.md
https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_35/35.md

Products affected by CVE-2022-24171

Tendacn » G1 » Version: N/A

cpe:2.3:h:tendacn:g1:-
Tendacn » G3 » Version: N/A

cpe:2.3:h:tendacn:g3:-
Tendacn » G1 Firmware » Version: 15.11.0.17(9502)_cn

cpe:2.3:o:tendacn:g1_firmware:15.11.0.17(9502)_cn
Tendacn » G3 Firmware » Version: 15.11.0.17(9502)_cn

cpe:2.3:o:tendacn:g3_firmware:15.11.0.17(9502)_cn

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-24171

Products

Pricing

Contact Us