ID

VAR-202410-0264


CVE

CVE-2024-9793


TITLE

OS command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac1206 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-011800

DESCRIPTION

A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The ac1206 firmware from Shenzhen Tenda Technology Co.,Ltd. contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). No detailed vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2024-9793 // JVNDB: JVNDB-2024-011800 // CNVD: CNVD-2024-41056

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-41056

AFFECTED PRODUCTS

vendor: tenda, model: ac1206, scope: eq, version: 15.03.06.23

Trust: 1.0

vendor: tenda, model: ac1206, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac1206, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: ac1206, scope: eq, version: ac1206 firmware 15.03.06.23

Trust: 0.8

vendor: tenda, model: ac1206, scope: lt, version: 15.03.06.23

Trust: 0.6

sources: CNVD: CNVD-2024-41056 // JVNDB: JVNDB-2024-011800 // NVD: CVE-2024-9793

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-9793
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-9793
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-011800
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-41056
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2024-9793
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-011800
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2024-41056
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-9793
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-9793
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-011800
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-41056 // JVNDB: JVNDB-2024-011800 // NVD: CVE-2024-9793 // NVD: CVE-2024-9793

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [others]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-011800 // NVD: CVE-2024-9793

EXTERNAL IDS

db: NVD, id: CVE-2024-9793

Trust: 3.2

db: VULDB, id: 279946

Trust: 1.8

db: JVNDB, id: JVNDB-2024-011800

Trust: 0.8

db: CNVD, id: CNVD-2024-41056

Trust: 0.6

sources: CNVD: CNVD-2024-41056 // JVNDB: JVNDB-2024-011800 // NVD: CVE-2024-9793

REFERENCES

url:https://github.com/ixout/iotvuls/blob/main/tenda/ac1206_003/report.md

Trust: 1.8

url:https://github.com/ixout/iotvuls/blob/main/tenda/ac1206_004/report.md

Trust: 1.8

url:https://vuldb.com/?id.279946

Trust: 1.8

url:https://vuldb.com/?submit.418061

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?ctiid.279946

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-9793

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2024-9793/

Trust: 0.6

sources: CNVD: CNVD-2024-41056 // JVNDB: JVNDB-2024-011800 // NVD: CVE-2024-9793

SOURCES

db: CNVD, id: CNVD-2024-41056
db: JVNDB, id: JVNDB-2024-011800
db: NVD, id: CVE-2024-9793

LAST UPDATE DATE

2024-11-07T22:29:14.483000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-41056, date: 2024-10-18T00:00:00
db: JVNDB, id: JVNDB-2024-011800, date: 2024-11-05T01:07:00
db: NVD, id: CVE-2024-9793, date: 2024-11-01T14:36:02.277

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-41056, date: 2024-10-12T00:00:00
db: JVNDB, id: JVNDB-2024-011800, date: 2024-11-05T00:00:00
db: NVD, id: CVE-2024-9793, date: 2024-10-10T16:15:09.080