CVE-2020-10987
Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
El endpoint goform/setUsbUnload de Tenda AC15 AC1900 versión 15.03.05.19, permite a atacantes remotos ejecutar comandos del sistema arbitrarios por medio del parámetro POST deviceName
Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-03-26 CVE Reserved
- 2020-07-13 CVE Published
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-12-17 EPSS Updated
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.ise.io/research | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Tenda Search vendor "Tenda" | Ac15 Firmware Search vendor "Tenda" for product "Ac15 Firmware" | 15.03.05.19 Search vendor "Tenda" for product "Ac15 Firmware" and version "15.03.05.19" | - |
Affected
| in | Tenda Search vendor "Tenda" | Ac15 Search vendor "Tenda" for product "Ac15" | - | - |
Safe
|