CVE-2021-44971
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.
Múltiples dispositivos Tenda están afectados por una omisión de autenticación, como AC15V1.0 Firmware versión V15.03.05.20_multi... AC5V1.0 Firmware versión V15.03.06.48_multi, etc. un atacante puede obtener información confidencial, e incluso combinarla con una inyección de comandos autenticados para implementar RCE
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-12-13 CVE Reserved
- 2022-01-28 CVE Published
- 2024-08-04 CVE Updated
- 2024-10-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-697: Incorrect Comparison
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://ac15v10.com | Broken Link | |
| https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tenda.com | 2024-02-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tenda Search vendor "Tenda" | Ac15 Firmware Search vendor "Tenda" for product "Ac15 Firmware" | 15.03.05.20_multi Search vendor "Tenda" for product "Ac15 Firmware" and version "15.03.05.20_multi" | - |
Affected
| in | Tenda Search vendor "Tenda" | Ac15 Search vendor "Tenda" for product "Ac15" | 1.0 Search vendor "Tenda" for product "Ac15" and version "1.0" | - |
Safe
|
| Tenda Search vendor "Tenda" | Ac5 Firmware Search vendor "Tenda" for product "Ac5 Firmware" | 15.03.06.48_multi Search vendor "Tenda" for product "Ac5 Firmware" and version "15.03.06.48_multi" | - |
Affected
| in | Tenda Search vendor "Tenda" | Ac5 Search vendor "Tenda" for product "Ac5" | 1.0 Search vendor "Tenda" for product "Ac5" and version "1.0" | - |
Safe
|