CVE-2017-9138

EUVD-2017-18076
There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
tendacnf1200_firmware
𝑥
≤ 1.2.0.19
tendacnfh1202_firmware
𝑥
≤ 1.2.0.19
tendacnf1202_firmware
𝑥
≤ 1.2.0.19
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.tendacn.com/en/2017.html
http://www.tendacn.com/en/2017.html