CVE-2018-14558 - Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability

: Tenda | AC7, AC9, and AC10 Routers

Date Added:
2021-11-03

Due Date:
2022-05-03

Vulnerability Name: Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability

Description: Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply updates per vendor instructions.

Additional Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-14558

Related News Articles: Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS BotnetJanuary 22, 2025

Free online web security scanner

Don't show website scan report rating on the leaderboard