ID

VAR-201911-0810


CVE

CVE-2019-5071


TITLE

OS command injection vulnerability in Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route

Trust: 0.8

sources: JVNDB: JVNDB-2019-012518

DESCRIPTION

An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS1 POST parameters, resulting in code execution. An attacker can send an HTTP POST request containing a command to trigger this vulnerability. Tenda AC9 is a wireless router. The /goform/WanParameterSetting handler in Tenda AC9 contains a security vulnerability in its handling of the DNS1 POST parameters, allowing remote attackers to submit specially crafted requests and execute arbitrary OS commands.

Trust: 2.16

sources: NVD: CVE-2019-5071 // JVNDB: JVNDB-2019-012518 // CNVD: CNVD-2020-35171

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-35171

AFFECTED PRODUCTS

vendor: tendacn model: ac9v1.0 scope: eq version: 15.03.05.14_en

Trust: 1.0

vendor: tendacn model: ac9v1.0 scope: eq version: 15.03.05.16multitru

Trust: 1.0

vendor: tenda model: ac9v1.0 scope: eq version: 15.03.05.16multitru

Trust: 0.8

vendor: tenda model: ac9 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-35171 // JVNDB: JVNDB-2019-012518 // NVD: CVE-2019-5071

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5071
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2019-5071
value: HIGH

Trust: 1.0

NVD: CVE-2019-5071
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-35171
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201911-1255
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-5071
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-35171
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

talos-cna@cisco.com: CVE-2019-5071
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-5071
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2020-35171 // JVNDB: JVNDB-2019-012518 // CNNVD: CNNVD-201911-1255 // NVD: CVE-2019-5071 // NVD: CVE-2019-5071

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-012518 // NVD: CVE-2019-5071

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1255

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201911-1255

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012518

PATCH

title: AC9 / Router / AC1200 Smart Dual-Band Gigabit WiFi Router url: https://tendacn.com/en/product/AC9.html

Trust: 0.8

sources: JVNDB: JVNDB-2019-012518

EXTERNAL IDS

db: NVD id: CVE-2019-5071

Trust: 3.0

db: TALOS id: TALOS-2019-0861

Trust: 2.4

db: JVNDB id: JVNDB-2019-012518

Trust: 0.8

db: CNVD id: CNVD-2020-35171

Trust: 0.6

db: CNNVD id: CNNVD-201911-1255

Trust: 0.6

sources: CNVD: CNVD-2020-35171 // JVNDB: JVNDB-2019-012518 // CNNVD: CNNVD-201911-1255 // NVD: CVE-2019-5071

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2019-0861

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-5071

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5071

Trust: 0.8

url:https://www.talosintelligence.com/vulnerability_reports/talos-2019-0861

Trust: 0.6

sources: CNVD: CNVD-2020-35171 // JVNDB: JVNDB-2019-012518 // CNNVD: CNNVD-201911-1255 // NVD: CVE-2019-5071

SOURCES

db: CNVD id: CNVD-2020-35171
db: JVNDB id: JVNDB-2019-012518
db: CNNVD id: CNNVD-201911-1255
db: NVD id: CVE-2019-5071

LAST UPDATE DATE

2024-11-23T21:59:38.411000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2020-35171 date: 2020-06-30T00:00:00
db: JVNDB id: JVNDB-2019-012518 date: 2019-12-04T00:00:00
db: CNNVD id: CNNVD-201911-1255 date: 2022-04-20T00:00:00
db: NVD id: CVE-2019-5071 date: 2024-11-21T04:44:17.677

SOURCES RELEASE DATE

db: CNVD id: CNVD-2020-35171 date: 2020-06-30T00:00:00
db: JVNDB id: JVNDB-2019-012518 date: 2019-12-04T00:00:00
db: CNNVD id: CNNVD-201911-1255 date: 2019-11-21T00:00:00
db: NVD id: CVE-2019-5071 date: 2019-11-21T17:15:12.057