OS Command Injection in Tenda AC9 and AC10 Devices via POST Request

OS Command Injection in Tenda AC9 and AC10 Devices via POST Request

CVE-2018-16334 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.

Learn more about our Web Application Penetration Testing UK.