CVE-2018-14558 - Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability

CVE ID:CVE-2018-14558

Project:Tenda

Product:AC7, AC9, and AC10 Routers

Date Added:2021-11-03Due Date:2022-05-03

Vulnerability Name

Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability

Description

Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2018-14558

Related News Articles

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS BotnetJanuary 22, 2025

Top Security News

Top CVE List

Common Alerts

MediumHTTP Parameter Override
LowInsufficient Site Isolation Against Spectre Vulnerability
MediumInformation Disclosure - JWT in Browser localStorage
HighSession Fixation
LowX-AspNet-Version Response Header
MediumMissing Anti-clickjacking Header
InformationalStorable but Non-Cacheable Content
HighLDAP Injection
InformationalASP.NET ViewState Disclosure
MediumCSP: script-src unsafe-eval

Common CWEs