Command Execution Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin

Command Execution Vulnerability in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin

CVE-2023-40839 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands.

Learn more about our Web Application Penetration Testing UK.