A vulnerability, which was classified as critical, was found in Tenda AC15V1.0 15.03.20_multi. Affected is the function
doSystemCmd
of the file /goform/setUsbUnload. The manipulation of the argument deviceName leads to command injection.
This vulnerability is traded as CVE-2024-30645. It is possible to launch the attack remotely. Furthermore, there is an exploit available.