Tenda AC18 SetIPTVCfg formSetIptv command injection

June 4, 2025 invoker category_cve

CVE Details

Basic Information

Title Tenda AC18 SetIPTVCfg formSetIptv command injection
Type cve
Published 2025-06-04T19:00:21.064Z
Last Seen

Product Information

Vendor Tenda
Product AC18
Version 15.03.05.05

CVSS Information

Base Score 5.3 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A command injection vulnerability in Tenda AC18 routers (version 15.03.05.05) allows remote attackers to execute arbitrary commands via the formSetIptv function. This issue is critical as it can be exploited without authentication, and the exploit is publicly available.
AI Severity High
Vendor Tenda
Product Tenda AC18
Affected Version 15.03.05.05

Additional Information

CVE List
CWE List CWE-77, CWE-74
Bulletin Family
Source Data Tenda AC18 15.03.05.05

Source Information

Source Data Tenda AC18 15.03.05.05
Source Link

Description

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS Score Summary

Base Score: 5.3 (MEDIUM)

View Full CVE Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.