CVE-2018-14558 - Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
Project: Tenda
Product: AC7, AC9, and AC10 Routers
Date Added: 2021-11-03
Due Date: 2022-05-03
Vulnerability Name
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
Description
Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-14558
Related News Articles
Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet - January 22, 2025