Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN

Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN

CVE-2022-24171 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters.

Learn more about our Cis Benchmark Audit For Server Software.