VDB-282865 · CVE-2024-10697 · GCVE-100-282865

Tenda AC6 15.03.05.19 API Endpoint /goform/WriteFacMac formWriteFacMac mac ବିସ୍ତାରିତ ଅଧିକାର

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu Tenda AC6 15.03.05.19 keessatti argameera. Miidhaan irra gahe is hojii formWriteFacMac faayilii /goform/WriteFacMac keessa kutaa API Endpoint keessa. Dhugumatti jijjiirraa irratti raawwatame mac gara ବିସ୍ତାରିତ ଅଧିକାର geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-77 si geessa. Beekumsi kun yeroo 11/01/2024 ifoomsifameera. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2024-10697 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

4 ଆଡାପ୍ଟେସନ୍ · 101 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 11/01/2024 06:06 PM	ଅଦ୍ୟତନ 1/3 11/02/2024 01:27 PM	ଅଦ୍ୟତନ 2/3 04/05/2025 08:53 AM	ଅଦ୍ୟତନ 3/3 04/05/2025 11:32 AM
software_vendor	Tenda	Tenda	Tenda	Tenda
software_name	AC6	AC6	AC6	AC6
software_version	15.03.05.19	15.03.05.19	15.03.05.19	15.03.05.19
software_component	API Endpoint	API Endpoint	API Endpoint	API Endpoint
software_file	/goform/WriteFacMac	/goform/WriteFacMac	/goform/WriteFacMac	/goform/WriteFacMac
software_function	formWriteFacMac	formWriteFacMac	formWriteFacMac	formWriteFacMac
software_argument	The	The	mac	mac
vulnerability_cwe	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md	https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md	https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md	https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md	https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md	https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md	https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md
source_cve	CVE-2024-10697	CVE-2024-10697	CVE-2024-10697	CVE-2024-10697
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	7.5
cvss3_meta_tempscore	5.7	6.0	6.0	7.3
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1730415600 (11/01/2024)	1730415600 (11/01/2024)	1730415600 (11/01/2024)	1730415600 (11/01/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		L	L	L
cvss4_cna_ui		N	N	N
cvss4_cna_vc		L	L	L
cvss4_cna_vi		L	L	L
cvss4_cna_va		L	L	L
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.3	5.3	5.3
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		L	L	L
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		L	L	L
cvss3_cna_i		L	L	L
cvss3_cna_a		L	L	L
cvss3_cna_basescore		6.3	6.3	6.3
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		S	S	S
cvss2_cna_ci		P	P	P
cvss2_cna_ii		P	P	P
cvss2_cna_ai		P	P	P
cvss2_cna_basescore		6.5	6.5	6.5
software_type			Router Operating System	Router Operating System
cve_nvd_summaryes				Se ha encontrado una vulnerabilidad en Tenda AC6 15.03.05.19 y se ha clasificado como crítica. Esta vulnerabilidad afecta a la función formWriteFacMac del archivo /goform/WriteFacMac del componente API Endpoint. La manipulación del argumento The conduce a la inyección de comandos. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				N
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				9.8

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Might our Artificial Intelligence support you?

Check our Alexa App!