CVE-2022-41395: A command injection vulnerability was discovered in an AC1200 router. The vulnerable function is setDMZ.

A hacker could exploit this vulnerability to execute arbitrary script code in the affected system. In short, this results in remote code execution.

CVE-2018-7487 has been assigned to this vulnerability.

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was also found to be vulnerable to another command injection issue.

CVE-2018-7488 has been assigned to this vulnerability.

A command injection vulnerability occurs when an attacker injects malicious commands into a web-based user interface to take over the affected device.
An attacker could host a specially crafted website on a malicious server, leading the user to enter malicious code in the web-based user interface of an affected device.
Redirecting the user to a malicious website could trick the user into giving the hacker unnecessary permissions to the device.
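
One way a handler such as setDMZ can close off this class of bug, shown as an added example that is not code from the router firmware or from the original page: accept the DMZ host only as a strict IPv4 address, and pass it as a single argv entry instead of building a shell string. The function names, the assumption that the injected field is the DMZ host address, and the iptables rule are illustrative assumptions.

```c
#include <stddef.h>

/* Added example; hypothetical helper names, not vendor firmware code. */

/* Accept only a strict dotted quad: four decimal octets 0-255, no leading
 * zeros, no other bytes. Returns 1 if valid, 0 otherwise. */
int dmz_host_is_valid(const char *s)
{
    int octets = 0;
    if (s == NULL)
        return 0;
    while (*s) {
        int value = 0, digits = 0;
        while (*s >= '0' && *s <= '9') {
            if (digits == 1 && value == 0)
                return 0;              /* leading zero such as "01" */
            value = value * 10 + (*s - '0');
            if (++digits > 3 || value > 255)
                return 0;
            s++;
        }
        if (digits == 0)
            return 0;                  /* empty octet or non-digit byte */
        octets++;
        if (*s == '\0')
            break;
        if (*s != '.' || octets == 4)
            return 0;                  /* ';', '`', '$', spaces, newlines */
        s++;
        if (*s == '\0')
            return 0;                  /* trailing dot */
    }
    return octets == 4;
}

/* Build an argv for an exec-style call so the address stays one argument and
 * no shell parses it. The iptables rule is an illustrative assumption.
 * Returns 0 on success, -1 if the value is rejected or argv is too small. */
int build_dmz_argv(const char *host, const char *argv[], size_t argv_len)
{
    static const char *const rule[] = { "iptables", "-t", "nat", "-A",
        "PREROUTING", "-j", "DNAT", "--to-destination" };
    size_t n = sizeof rule / sizeof rule[0];
    if (!dmz_host_is_valid(host) || argv_len < n + 2)
        return -1;
    for (size_t i = 0; i < n; i++)
        argv[i] = rule[i];
    argv[n] = host;
    argv[n + 1] = NULL;
    return 0;
}
```

The validated argv is meant for an `execv`-family call; passing the same value through `system()` or `popen()` would reintroduce shell parsing.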

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to be vulnerable to a cross-site scripting issue.

CVE-2018-7489 has been assigned to this vulnerability.

Redirecting users to a malicious website could trick the user into giving the hacker unnecessary permissions to the device.

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576

Android-based router devices

There are also vulnerabilities in certain Android-based router devices, including Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576), which were discovered by Security Engineer Christopher Buddin from the company Tenable Network Security.
