Arbitrary Command Execution Vulnerability in Tenda PA6 Wi-Fi Powerline Extender 1.0.1.21

Arbitrary Command Execution Vulnerability in Tenda PA6 Wi-Fi Powerline Extender 1.0.1.21

CVE-2019-16213 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.

Learn more about our Web Application Penetration Testing UK.