Skip to main content

W15e Firmware CVE-2022-41396

HIGH
OS Command Injection (CWE-78)
2022-11-15 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 15, 2022 - 03:15 nvd
HIGH 7.8

DescriptionNVD

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters.

AnalysisAI

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters. Affected products include: Tenda W15E Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2023-27063 CRITICAL POC
9.8 Mar 13

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainNam

CVE-2023-27061 CRITICAL POC
9.8 Mar 13

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterLi

CVE-2022-42058 CRITICAL POC
9.8 Nov 15

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage

CVE-2024-4127 HIGH POC
8.8 Apr 24

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely explo

CVE-2024-4126 HIGH POC
8.8 Apr 24

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Rated high severity (CVSS 8.8), this vuln

CVE-2024-4125 HIGH POC
8.8 Apr 24

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Rated high severity (CVSS 8.8), this

CVE-2024-4124 HIGH POC
8.8 Apr 24

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), t

CVE-2024-4123 HIGH POC
8.8 Apr 24

A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.

CVE-2024-4122 HIGH POC
8.8 Apr 24

A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerab

CVE-2024-4121 HIGH POC
8.8 Apr 24

A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vul

CVE-2024-4120 HIGH POC
8.8 Apr 24

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely explo

CVE-2024-4119 HIGH POC
8.8 Apr 24

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely explo

Share

CVE-2022-41396 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy