CVE-2024-36604 Information

Description

Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges.

Reference

https://exzettabyte.me/blind-command-injection-in-stp-service-on-tenda-o3v2/