There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password.
References
Link | Resource |
---|---|
http://www.tendacn.com/en/2017.html | Vendor Advisory |
http://www.tendacn.com/en/2017.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
21 Nov 2024, 03:35
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.tendacn.com/en/2017.html - Vendor Advisory |
Information
Published : 2017-05-21 22:29
Updated : 2024-11-21 03:35
NVD link : CVE-2017-9138
Mitre link : CVE-2017-9138
CVE.ORG link : CVE-2017-9138
JSON object : View
Products Affected
tendacn
- f1200
- fh1202
- f1200_firmware
- f1202
- fh1202_firmware
- f1202_firmware
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer