CVE-2017-16923

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-16923
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://github.com/Iolop/Poc/tree/master/Router/Tenda Issue Tracking Third Party Advisory
https://github.com/Iolop/Poc/tree/master/Router/Tenda Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:ac9_firmware:us_ac9v1.0br_v15.03.05.14_multi_td01:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tenda:ac9_firmware:ac9_kf_v15.03.05.19\(6318_\)_cn:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.18_multi_td01:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.19_multi_td01:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:tenda:ac18_firmware:us_ac18v1.0br_v15.03.05.05_multi_td01:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:tenda:ac18_firmware:ac18_kf_v15.03.05.19\(6318_\)_cn:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*
History

21 Nov 2024, 03:17

Type Values Removed Values Added
References () https://github.com/Iolop/Poc/tree/master/Router/Tenda - Issue Tracking, Third Party Advisory () https://github.com/Iolop/Poc/tree/master/Router/Tenda - Issue Tracking, Third Party Advisory
Information

Published : 2017-11-21 14:29

Updated : 2024-11-21 03:17

NVD link : CVE-2017-16923

Mitre link : CVE-2017-16923

CVE.ORG link : CVE-2017-16923

JSON object : View

Products Affected

tenda

  • ac15
  • ac18_firmware
  • ac18
  • ac9
  • ac15_firmware
  • ac9_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024