CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-5072
https://notcve.org/view.php?id=CVE-2019-5072
21 Nov 2019 — An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS2 post parameters, resulting in code execution. An attacker can send HTTP POST request with command to trigger this vulnerability. Se presenta una vulnerabilidad de inyección de comandos explotable en la funcionalidad /goform/Wa... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0861 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-5071
https://notcve.org/view.php?id=CVE-2019-5071
21 Nov 2019 — An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS1 post parameters, resulting in code execution. An attacker can send HTTP POST request with command to trigger this vulnerability. Se presenta una vulnerabilidad de inyección de comandos explotable en la funcionalidad /goform/Wa... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0861 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •