CVE-2019-16213

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
tendacnpa6_firmware
1.0.1.21
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security/
https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security/