CVE-2022-31446

Description

Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.

Related CPE's

otendacnac18_firmware15.03.05.19*******

otendacnac18_firmware15.03.05.05*******

htendacnac18-*******

References

https://github.com/wshidamowang/Router/blob/main/Tenda/AC18/RCE_1.md

ExploitThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

COMPLETE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

10

VectorString

AV:N/AC:L/Au:N/C:C/I:C/A:C

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io