CVE-2023-36103

EUVD-2023-40083
Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
8 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
tendaac15_firmware
15.03.05.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/t0hka1/Tenda-AC15-Exp/blob/master/Tenda%20AC15%20V15.03.05.20%20Exp.md