Remote Code Execution Vulnerability in Tenda AC9, AC15, and AC18 Devices

Remote Code Execution Vulnerability in Tenda AC9, AC15, and AC18 Devices

CVE-2018-18728 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request.

Learn more about our Web Application Penetration Testing UK.