CVE-2023-49437

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 7, 2023

Updated: Dec 9, 2023

CWE ID 77

Summary

CVE-2023-49437 is a command injection vulnerability discovered in Tenda AX12 V22.03.01.46. An attacker can exploit this issue by sending malicious input to the 'list' parameter in the /goform/SetNetControlList endpoint. Successful exploitation allows the attacker to execute arbitrary commands on the affected device, potentially leading to unauthorized access or system compromise. Users are advised to update their routers to the latest firmware as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Shenzhen Tenda Technology Co. Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tlEwPo
https://www.cve.org/CVERecord?id=CVE-2023-49437
https://nvd.nist.gov/vuln/detail/CVE-2023-49437

Back to Vulnerability Database

CVE-2023-49437

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations