CVE-2017-16923

Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.
References
Link Resource
https://github.com/Iolop/Poc/tree/master/Router/Tenda Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:ac9_firmware:us_ac9v1.0br_v15.03.05.14_multi_td01:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tenda:ac9_firmware:ac9_kf_v15.03.05.19\(6318_\)_cn:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.18_multi_td01:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.19_multi_td01:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:tenda:ac18_firmware:us_ac18v1.0br_v15.03.05.05_multi_td01:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:tenda:ac18_firmware:ac18_kf_v15.03.05.19\(6318_\)_cn:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-11-21 14:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-16923

Mitre link : CVE-2017-16923

CVE.ORG link : CVE-2017-16923


JSON object : View

Products Affected

tenda

  • ac9
  • ac18
  • ac15
  • ac9_firmware
  • ac15_firmware
  • ac18_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')