Details of VAR-202403-0882

ID

VAR-202403-0882

CVE

CVE-2024-2853

TITLE

Shenzhen Tenda Technology Co.,Ltd. of ac10u in the firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-003027

DESCRIPTION

A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of ac10u The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is an operating system command injection vulnerability in the Tenda AC10U 15.03.06.48 version. The vulnerability is caused by the usbName parameter in the formSetSambaConf method of the /goform/setsambacfg page failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

Trust: 2.16

sources: NVD: CVE-2024-2853 // JVNDB: JVNDB-2024-003027 // CNVD: CNVD-2024-20300

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-20300

AFFECTED PRODUCTS

vendor:	tenda	model:	ac10u	scope:	eq	version:	15.03.06.48	Trust: 1.0
vendor:	tenda	model:	ac10u	scope:	eq	version:	15.03.06.49	Trust: 1.0
vendor:	tenda	model:	ac10u	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac10u	scope:	eq	version:	ac10u firmware 15.03.06.48	Trust: 0.8
vendor:	tenda	model:	ac10u	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ac10u	scope:	eq	version:	ac10u firmware 15.03.06.49	Trust: 0.8
vendor:	tenda	model:	ac10	scope:	eq	version:	15.03.06.48	Trust: 0.6

sources: CNVD: CNVD-2024-20300 // JVNDB: JVNDB-2024-003027 // NVD: CVE-2024-2853

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-2853
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-2853
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2024-2853
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2024-20300
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2024-2853
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2024-20300
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-2853
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-2853
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-2853
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-20300 // JVNDB: JVNDB-2024-003027 // NVD: CVE-2024-2853 // NVD: CVE-2024-2853

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-003027 // NVD: CVE-2024-2853

PATCH

title:

Patch for Tenda AC10 operating system command injection vulnerability (CNVD-2024-20300)

url:

https://www.cnvd.org.cn/patchInfo/show/541136

Trust: 0.6

sources: CNVD: CNVD-2024-20300

EXTERNAL IDS

db:	NVD	id:	CVE-2024-2853	Trust: 3.2
db:	VULDB	id:	257777	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-003027	Trust: 0.8
db:	CNVD	id:	CNVD-2024-20300	Trust: 0.6

sources: CNVD: CNVD-2024-20300 // JVNDB: JVNDB-2024-003027 // NVD: CVE-2024-2853

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac10u/v1.v15.03.06.48/more/formsetsambaconf.md	Trust: 1.8
url:	https://vuldb.com/?id.257777	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-2853	Trust: 1.4
url:	https://vuldb.com/?ctiid.257777	Trust: 1.0

sources: CNVD: CNVD-2024-20300 // JVNDB: JVNDB-2024-003027 // NVD: CVE-2024-2853

SOURCES

db:	CNVD	id:	CNVD-2024-20300
db:	JVNDB	id:	JVNDB-2024-003027
db:	NVD	id:	CVE-2024-2853

LAST UPDATE DATE

2024-08-14T15:10:18.770000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-20300	date:	2024-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-003027	date:	2024-03-28T00:47:00
db:	NVD	id:	CVE-2024-2853	date:	2024-05-17T02:38:34.337

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-20300	date:	2024-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2024-003027	date:	2024-03-28T00:00:00
db:	NVD	id:	CVE-2024-2853	date:	2024-03-24T05:15:10.517