CVE-2024-9793

Summary

A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
TendaAC120615.03.06.0affected
TendaAC120615.03.06.1affected
TendaAC120615.03.06.2affected
TendaAC120615.03.06.3affected
TendaAC120615.03.06.4affected
TendaAC120615.03.06.5affected
TendaAC120615.03.06.6affected
TendaAC120615.03.06.7affected
TendaAC120615.03.06.8affected
TendaAC120615.03.06.9affected
TendaAC120615.03.06.10affected
TendaAC120615.03.06.11affected
TendaAC120615.03.06.12affected
TendaAC120615.03.06.13affected
TendaAC120615.03.06.14affected
TendaAC120615.03.06.15affected
TendaAC120615.03.06.16affected
TendaAC120615.03.06.17affected
TendaAC120615.03.06.18affected
TendaAC120615.03.06.19affected
TendaAC120615.03.06.20affected
TendaAC120615.03.06.21affected
TendaAC120615.03.06.22affected
TendaAC120615.03.06.23affected

Weaknesses

  • CWE-77: Command Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References