CVE-2021-44971

Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
tendaac15_firmware
15.03.05.20_multi:_multi
tendaac5_firmware
15.03.06.48_multi:_multi
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://ac15v10.com
http://tenda.com
https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md
http://ac15v10.com
http://tenda.com
https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md