This issue can be exploited by sending specially crafted requests to the affected device. A remote user can hijack the device’s session by sending a request with a malicious payload to the vulnerable machine. The security risk of this vulnerability is estimated as high with a score of 8.8 out of 10. Tenda AC10 V15.03.06.23 software has an input validation failure problem. This issue can be exploited by hackers to inject malicious code or obtain sensitive information.

FIX V15.03.06.23:
- Fixed issue of input validation failure.
- Fixed issue of SQL Injection via /goform/fromSetIpMacBind.
- Fixed issue of XSS via /goform/fromSetIpMacBind.

Tenda AC10 V15.03.06.23 - Remote Code Execution and Hijacking of Wireless Network

The vulnerability allows a remote user to hijack the device’s session by sending a request with a malicious payload to the vulnerable machine. The security risk of this vulnerability is estimated as high with a score of 8.8 out of 10.

FIX V15.03.06.23:
- Fixed issue of input validation failure.
- Fixed issue of SQL Injection via /goform/fromSetIpMacBind.
- Fixed issue of XSS via /goform/fromSetIpMacBind.

Tenda AC10 V15.03.06.23 – Remote administration and control over the internet

The vulnerability is caused by the application's failure to validate input data, which may allow a remote user to hijack the device's session by sending a malicious payload to the vulnerable machine. Successful exploitation of this vulnerability could allow an attacker to access and manipulate data owned by the vulnerable system.
The security risk of this vulnerability is estimated as high with a score of 8.8 out of 10.

FIX V15.03.06.23:
- Fixed issue of input validation failure.
- Fixed issue of SQL Injection via /goform/fromSetIpMacBind.
- Fixed issue of XSS via /goform/fromSetIpMacBind.

Timeline

Published on: 10/17/2022 14:15:00 UTC
Last modified on: 10/19/2022 15:07:00 UTC

References