CVE-2024-30645 | Tenda AC15V1.0 15.03.20_multi /goform/setUsbUnload doSystemCmd deviceName command injection

Posted by Angelo Barbosa | Mar 29, 2024 | CVE

A vulnerability, which was classified as critical, was found in Tenda AC15V1.0 15.03.20_multi. Affected is the function doSystemCmd of the file /goform/setUsbUnload. The manipulation of the argument deviceName leads to command injection.

This vulnerability is traded as CVE-2024-30645. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2024-30645 | Tenda AC15V1.0 15.03.20_multi /goform/setUsbUnload doSystemCmd deviceName command injection

Related Posts

CVE-2023-42742 | Unisoc S8000 Sysui denial of service

CVE-2024-35688 | Jewel Theme Master Addons for Elementor Plugin up to 2.0.5.9 on WordPress cross site scripting

CVE-2023-49508 | YetiForceCompany YetiForceCRM up to 6.4.0 LibraryLicense.php license path traversal

CVE-2024-29792 | Unlimited Elements for Elementor Plugin up to 1.5.93 on WordPress cross site scripting