CNNVD-202509-2255 Information
CNNVD ID
CNNVD-202509-2255
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
Tenda AC9和Tenda AC15都是中国腾达(Tenda)公司的一款无线路由器。 Tenda AC9和Tenda AC15 15.03.05.14版本存在操作系统命令注入漏洞,该漏洞源于文件/goform/exeCommand中函数formexeCommand对参数cmdinput的错误操作,可能导致os命令注入。
Description (English)
Tenda AC9 and Tenda AC15 are both Tenda’s wireless routers. Versions Tenda AC9 and Tenda AC15 15.03.05.14 contain a loophole in the operating system command, which stems from the error of the function FormexeCommand in file/goform/exeCommand to the parameter and cdinput, which may lead to an Os command injection.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
腾达
Published
2025-09-15
Last Modified
2026-02-24
References
https://github.com/2664521593/mycve/blob/main/Tenda/Tenda_AC9_CJ.md https://github.com/2664521593/mycve/blob/main/Tenda/Tenda_AC9_CJ.md#poc https://vuldb.com/?ctiid.323876 https://vuldb.com/?id.323876 https://vuldb.com/?submit.647838 https://vuldb.com/?submit.647839 https://www.tenda.com.cn/
Share on: