Example Analysis of remote Command execution vulnerability in Tenda AC Series Router 01/19 Update SLTechnology News&Howtos

Example Analysis of remote Command execution vulnerability in Tenda AC Series Router

2025-01-19 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)05/31 Report--

This article will explain in detail the example analysis of remote command execution vulnerabilities in Tenda AC series routers. The content of the article is of high quality, so Xiaobian shares it with you for reference. I hope you have a certain understanding of relevant knowledge after reading this article.

Vulnerability profile:

Tenda AC series is a wireless router for home users released by Tenda. It has a high market share and is a comprehensive family wireless router.

There is a design flaw in the goform plug-in in the Web service component provided by Tenda AC. Permission verification is not strict. This problem can be successfully used to send a specific data packet without login verification, triggering the execution of any command to control the router device. The Web service is started with root permission, and the highest permission to the Tengda router is obtained.

risk level

Threat Level: High

Impact area: wide

Impact rating: 10 stars

vulnerability details

The goform component of the Tenda router Web service has a logical error when processing a specific request, and insufficient authorization results in arbitrary commands being executed.

scope of influence

Including but not limited to the following models of Tengda routers, and all released firmware versions of each model are affected by this vulnerability. After verification and analysis, this security issue affects the latest version of Tengda router firmware.

AC 6

AC 7

AC 8

AC 9

AC 11

AC 15

The ip count of surviving devices on fofa shows at least 100,000 or so.

Repair suggestions

Please pay attention to the firmware update of Tengda official website in real time and repair it in time.

An example analysis of remote command execution vulnerabilities in Tenda AC series routers is shared here. I hope the above content can be of some help to everyone and can learn more knowledge. If you think the article is good, you can share it so that more people can see it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.