CVE-2017-16923

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-16923
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://github.com/Iolop/Poc/tree/master/Router/Tenda Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:ac9_firmware:us_ac9v1.0br_v15.03.05.14_multi_td01:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tenda:ac9_firmware:ac9_kf_v15.03.05.19\(6318_\)_cn:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.18_multi_td01:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.19_multi_td01:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:tenda:ac18_firmware:us_ac18v1.0br_v15.03.05.05_multi_td01:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:tenda:ac18_firmware:ac18_kf_v15.03.05.19\(6318_\)_cn:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2017-11-21 14:29

Updated : 2023-12-10 12:15

NVD link : CVE-2017-16923

Mitre link : CVE-2017-16923

CVE.ORG link : CVE-2017-16923

JSON object : View

Products Affected

tenda

  • ac18
  • ac15
  • ac9_firmware
  • ac15_firmware
  • ac9
  • ac18_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')