cve/CVE-2024-2853.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio d6bcaa53f2 Update CVE sources 2024-07-25 21:25

2024-07-25 21:25:12 +00:00

Description

A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

POC

Reference

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md

Github

https://github.com/LaPhilosophie/IoT-vulnerable
https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/helloyhrr/IoT_vulnerability

1.2 KiB Raw Blame History

CVE-2024-2853

Description

POC

Reference

Github

1.2 KiB

Raw Blame History