logo
Home/CVEs/CVE-2018-14558/

CVE-2018-14558 - Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability

Project:Tenda

Product:AC7, AC9, and AC10 Routers

Date Added:2021-11-03Due Date:2022-05-03

Vulnerability Name

Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability

Description

Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2018-14558

Related News Articles

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS BotnetJanuary 22, 2025