Headline
CVE-2023-30135: Tenda/8.md at main · DrizzlingSun/Tenda
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.
Permalink
Cannot retrieve contributors at this time
Tenda AC18 Unauthorized command injection
****1. Affected version:****
Tenda ac18_kf_V15.03.05.19(6318_)_cn
****2. Firmware download address****
AC18升级软件_腾达(Tenda)官方网站
****3. Vulnerability details****
The function “setUsbUnload” contains a command injection vulnerability. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
****4. Recurring vulnerabilities and POC****
5. Author
Drizzling_Sun @KRlab