ID
VAR-202307-0484
CVE
CVE-2023-37144
TITLE
Tenda of AC10 Command injection vulnerability in firmware
Trust: 0.8
DESCRIPTION
Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. Tenda of AC10 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC10 is a wireless router made by China Tenda Company. The vulnerability stems from the failure of the application to properly filter special characters, commands, etc. in constructing commands
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | tendacn | model: | ac10 | scope: | eq | version: | 15.03.06.26 | Trust: 1.0 |
| vendor: | tenda | model: | ac10 | scope: | eq | version: | ac10 firmware 15.03.06.26 | Trust: 0.8 |
| vendor: | tenda | model: | ac10 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | ac10 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | ac10 | scope: | eq | version: | v15.03.06.26 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-77 | Trust: 1.0 |
| problemtype: | Command injection (CWE-77) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
command injection
Trust: 0.6
PATCH
| title: | Patch for Tenda AC10 Command Execution Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/440336 | Trust: 0.6 |
| title: | Tenda AC10 Fixes for command injection vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=245901 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-37144 | Trust: 3.9 |
| db: | JVNDB | id: | JVNDB-2023-017091 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2023-58826 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202307-483 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2023-37144 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/dadong-g/vulnerability_info/blob/main/ac10_command_injection/readme.md | Trust: 3.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-37144 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2023-37144/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2023-58826 |
| db: | VULMON | id: | CVE-2023-37144 |
| db: | JVNDB | id: | JVNDB-2023-017091 |
| db: | CNNVD | id: | CNNVD-202307-483 |
| db: | NVD | id: | CVE-2023-37144 |
LAST UPDATE DATE
2024-08-14T15:00:13.973000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2023-58826 | date: | 2023-07-26T00:00:00 |
| db: | VULMON | id: | CVE-2023-37144 | date: | 2023-07-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-017091 | date: | 2024-01-05T08:09:00 |
| db: | CNNVD | id: | CNNVD-202307-483 | date: | 2023-07-13T00:00:00 |
| db: | NVD | id: | CVE-2023-37144 | date: | 2023-07-12T20:43:13.663 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2023-58826 | date: | 2023-07-13T00:00:00 |
| db: | VULMON | id: | CVE-2023-37144 | date: | 2023-07-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-017091 | date: | 2024-01-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-202307-483 | date: | 2023-07-07T00:00:00 |
| db: | NVD | id: | CVE-2023-37144 | date: | 2023-07-07T14:15:09.363 |