Skip to main content

Ac7 Firmware CVE-2024-48826

HIGH
OS Command Injection (CWE-78)
2024-10-28 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 28, 2024 - 20:15 nvd
HIGH 8.8

DescriptionNVD

Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.

AnalysisAI

Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. Affected products include: Tenda Ac7 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2025-29137 CRITICAL POC
9.8 Mar 19

Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set f

CVE-2024-32301 CRITICAL POC
9.8 Apr 17

Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle fun

CVE-2023-41562 CRITICAL POC
9.8 Aug 30

Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered

CVE-2023-41559 CRITICAL POC
9.8 Aug 30

Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to co

CVE-2023-41558 CRITICAL POC
9.8 Aug 30

Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeC

CVE-2023-41557 CRITICAL POC
9.8 Aug 30

Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter

CVE-2023-41556 CRITICAL POC
9.8 Aug 30

Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to co

CVE-2023-41555 CRITICAL POC
9.8 Aug 30

Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasi

CVE-2023-41552 CRITICAL POC
9.8 Aug 30

Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parame

CVE-2023-38937 CRITICAL POC
9.8 Aug 07

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC

CVE-2023-38936 CRITICAL POC
9.8 Aug 07

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28,

CVE-2023-38933 CRITICAL POC
9.8 Aug 07

Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0

Share

CVE-2024-48826 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy