cnvd - cnvd-2024-41056

CNVD-2024-41056

Vulnerability from cnvd - Published: 2024-10-12

Title

Tenda AC1206命令注入漏洞（CNVD-2024-41056）

Description

Tenda AC1206是中国腾达（Tenda）公司的一款无线千兆路由器。 Tenda AC1206存在命令注入漏洞，该漏洞源于对文件/goform/ate的ate_iwpriv_set/ate_ifconfig_set函数的操纵，会导致命令注入。目前没有详细的漏洞细节提供。

Severity

中

Formal description

厂商尚未发布漏洞修复程序，请及时关注更新： https://www.tenda.com.cn/

Reference

https://cxsecurity.com/cveshow/CVE-2024-9793/

Impacted products

Name
Tenda AC1206 <15.03.06.23

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-9793"
    }
  },
  "description": "Tenda AC1206\u662f\u4e2d\u56fd\u817e\u8fbe\uff08Tenda\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u5343\u5146\u8def\u7531\u5668\u3002\n\nTenda AC1206\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u6587\u4ef6/goform/ate\u7684ate_iwpriv_set/ate_ifconfig_set\u51fd\u6570\u7684\u64cd\u7eb5\uff0c\u4f1a\u5bfc\u81f4\u547d\u4ee4\u6ce8\u5165\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.tenda.com.cn/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-41056",
  "openTime": "2024-10-12",
  "products": {
    "product": "Tenda AC1206 \u003c15.03.06.23"
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2024-9793/",
  "serverity": "\u4e2d",
  "submitTime": "2024-10-12",
  "title": "Tenda AC1206\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2024-41056\uff09"
}

CVE-2024-9793 (GCVE-0-2024-9793)

Vulnerability from cvelistv5 – Published: 2024-10-10 15:31 – Updated: 2024-10-10 17:46

Title

Tenda AC1206 ate ate_ifconfig_set command injection

Summary

A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-77 - Command Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.279946	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.279946	signaturepermissions-required
	https://vuldb.com/?submit.418061	third-party-advisory
	https://github.com/ixout/iotVuls/blob/main/Tenda/…	related
	https://github.com/ixout/iotVuls/blob/main/Tenda/…	exploit
	https://www.tenda.com.cn/	product

Impacted products

	Vendor	Product	Version
	Tenda	AC1206	Affected: 15.03.06.0 Affected: 15.03.06.1 Affected: 15.03.06.2 Affected: 15.03.06.3 Affected: 15.03.06.4 Affected: 15.03.06.5 Affected: 15.03.06.6 Affected: 15.03.06.7 Affected: 15.03.06.8 Affected: 15.03.06.9 Affected: 15.03.06.10 Affected: 15.03.06.11 Affected: 15.03.06.12 Affected: 15.03.06.13 Affected: 15.03.06.14 Affected: 15.03.06.15 Affected: 15.03.06.16 Affected: 15.03.06.17 Affected: 15.03.06.18 Affected: 15.03.06.19 Affected: 15.03.06.20 Affected: 15.03.06.21 Affected: 15.03.06.22 Affected: 15.03.06.23

Credits

ixout (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ac1206_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "lessThanOrEqual": "15.03.06.23",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9793",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T16:09:15.570083Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T17:46:05.897Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AC1206",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "15.03.06.0"
            },
            {
              "status": "affected",
              "version": "15.03.06.1"
            },
            {
              "status": "affected",
              "version": "15.03.06.2"
            },
            {
              "status": "affected",
              "version": "15.03.06.3"
            },
            {
              "status": "affected",
              "version": "15.03.06.4"
            },
            {
              "status": "affected",
              "version": "15.03.06.5"
            },
            {
              "status": "affected",
              "version": "15.03.06.6"
            },
            {
              "status": "affected",
              "version": "15.03.06.7"
            },
            {
              "status": "affected",
              "version": "15.03.06.8"
            },
            {
              "status": "affected",
              "version": "15.03.06.9"
            },
            {
              "status": "affected",
              "version": "15.03.06.10"
            },
            {
              "status": "affected",
              "version": "15.03.06.11"
            },
            {
              "status": "affected",
              "version": "15.03.06.12"
            },
            {
              "status": "affected",
              "version": "15.03.06.13"
            },
            {
              "status": "affected",
              "version": "15.03.06.14"
            },
            {
              "status": "affected",
              "version": "15.03.06.15"
            },
            {
              "status": "affected",
              "version": "15.03.06.16"
            },
            {
              "status": "affected",
              "version": "15.03.06.17"
            },
            {
              "status": "affected",
              "version": "15.03.06.18"
            },
            {
              "status": "affected",
              "version": "15.03.06.19"
            },
            {
              "status": "affected",
              "version": "15.03.06.20"
            },
            {
              "status": "affected",
              "version": "15.03.06.21"
            },
            {
              "status": "affected",
              "version": "15.03.06.22"
            },
            {
              "status": "affected",
              "version": "15.03.06.23"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ixout (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tenda AC1206 bis 15.03.06.23 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft die Funktion ate_iwpriv_set/ate_ifconfig_set der Datei /goform/ate. Durch das Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T15:31:06.625Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-279946 | Tenda AC1206 ate ate_ifconfig_set command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.279946"
        },
        {
          "name": "VDB-279946 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.279946"
        },
        {
          "name": "Submit #418061 | Tenda Router V15.03.06.23 and earlier Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.418061"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_004/report.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-10-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-10-10T09:28:24.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda AC1206 ate ate_ifconfig_set command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-9793",
    "datePublished": "2024-10-10T15:31:06.625Z",
    "dateReserved": "2024-10-10T07:23:14.015Z",
    "dateUpdated": "2024-10-10T17:46:05.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-41056

CVE-2024-9793 (GCVE-0-2024-9793)

Tags

Sightings

Nomenclature