CVE-2022-41395 An AC1200 router with a command injection vulnerability was discovered. The vulnerable function is setDMZ.
A hacker could exploit this vulnerability to execute arbitrary script code in the affected system. In short, this results in remote code execution.
CVE-2018-7487 has been assigned to this vulnerability.
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was also found to be vulnerable to another command injection issue.
CVE-2018-7488 has been assigned to this vulnerability.
A command injection vulnerability occurs when an attacker injects malicious commands into web-based user interfaces to take over the affected device.
An attacker could host a specially crafted website on a malicious server,straying the user to enter malicious code in the web-based user interface of an affected device.
Redirecting the user to a malicious website could trick the user into giving the hacker unnecessary permissions to the device.
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to be vulnerable to a cross-site scripting issue.
CVE-2018-7489 has been assigned to this vulnerability.
Redirecting users to a malicious website could trick the user into giving the hacker unnecessary permissions to the device.
Redirecting users to a malicious website could trick the user into giving the hacker unnecessary permissions to the device.
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576
Android-based router devices
There are also vulnerabilities in certain Android-based router devices, including Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576), which were discovered by Security Engineer Christopher Buddin from the company Tenable Network Security.
A command injection vulnerability occurs when an attacker injects malicious commands into web-based user interfaces to take over the affected device.
An attacker could host a specially crafted website on a malicious server,straying the user to enter malicious code in the web-based user interface of an affected device.
Redirecting the user to a malicious website could trick the user into giving the hacker unnecessary permissions to the device.
Timeline
Published on: 11/15/2022 03:15:00 UTC
Last modified on: 11/18/2022 21:34:00 UTC