CVE-2017-16936
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring.
Una vulnerabilidad de salto de directorio en app_data_center en dispositivos Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01 y Ac18 ac18_kf_V15.03.05.19(6318_)_cn permite que atacantes remotos no autenticados lean archivos arbitrarios mediante un URI cgi-bin/luci/request?op=1path= que emplea secuencias de salto de directorio tras una subcadena /usb/.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-24 CVE Reserved
- 2017-11-24 CVE Published
- 2024-08-05 CVE Updated
- 2024-09-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/Iolop/Poc/tree/master/Router/Tenda | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tenda Search vendor "Tenda" | Ac9 Firmware Search vendor "Tenda" for product "Ac9 Firmware" | us_ac9v1.0br_v15.03.05.14_multi_td01 Search vendor "Tenda" for product "Ac9 Firmware" and version "us_ac9v1.0br_v15.03.05.14_multi_td01" | - |
Affected
| in | Tenda Search vendor "Tenda" | Ac9 Search vendor "Tenda" for product "Ac9" | - | - |
Safe
|
| Tenda Search vendor "Tenda" | Ac9 Firmware Search vendor "Tenda" for product "Ac9 Firmware" | ac9_kf_v15.03.05.19\(6318_\)_cn Search vendor "Tenda" for product "Ac9 Firmware" and version "ac9_kf_v15.03.05.19\(6318_\)_cn" | - |
Affected
| in | Tenda Search vendor "Tenda" | Ac9 Search vendor "Tenda" for product "Ac9" | - | - |
Safe
|
| Tenda Search vendor "Tenda" | Ac15 Firmware Search vendor "Tenda" for product "Ac15 Firmware" | us_ac15v1.0br_v15.03.05.18_multi_td01 Search vendor "Tenda" for product "Ac15 Firmware" and version "us_ac15v1.0br_v15.03.05.18_multi_td01" | - |
Affected
| in | Tenda Search vendor "Tenda" | Ac15 Search vendor "Tenda" for product "Ac15" | - | - |
Safe
|
| Tenda Search vendor "Tenda" | Ac15 Firmware Search vendor "Tenda" for product "Ac15 Firmware" | us_ac15v1.0br_v15.03.05.19_multi_td01 Search vendor "Tenda" for product "Ac15 Firmware" and version "us_ac15v1.0br_v15.03.05.19_multi_td01" | - |
Affected
| in | Tenda Search vendor "Tenda" | Ac15 Search vendor "Tenda" for product "Ac15" | - | - |
Safe
|
| Tenda Search vendor "Tenda" | Ac18 Firmware Search vendor "Tenda" for product "Ac18 Firmware" | us_ac18v1.0br_v15.03.05.05_multi_td01 Search vendor "Tenda" for product "Ac18 Firmware" and version "us_ac18v1.0br_v15.03.05.05_multi_td01" | - |
Affected
| in | Tenda Search vendor "Tenda" | Ac18 Search vendor "Tenda" for product "Ac18" | - | - |
Safe
|
| Tenda Search vendor "Tenda" | Ac18 Firmware Search vendor "Tenda" for product "Ac18 Firmware" | ac18_kf_v15.03.05.19\(6318_\)_cn Search vendor "Tenda" for product "Ac18 Firmware" and version "ac18_kf_v15.03.05.19\(6318_\)_cn" | - |
Affected
| in | Tenda Search vendor "Tenda" | Ac18 Search vendor "Tenda" for product "Ac18" | - | - |
Safe
|