CVE-2024-34338 Information

Description

A Blind command injection vulnerability in Tenda O3V2 V1.0.0.12 and earlier allows remote attackers to execute operating system commands via dest parameter in /goform/getTraceroute

Reference

http://exzettabyte.me/blind-command-injection-in-tenda-o3v2