CVE-2024-3908 | Tenda AC500 2.0.1.9(1307) /goform/WriteFacMac formWriteFacMac mac command injection

Posted by Angelo Barbosa | Apr 17, 2024 | CVE

A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection.

This vulnerability is traded as CVE-2024-3908. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-3908 | Tenda AC500 2.0.1.9(1307) /goform/WriteFacMac formWriteFacMac mac command injection

Related Posts

CVE-2023-23349 | Kaspersky Password Manager prior 24.0.0.427 on Windows KPM Extension for Chrome sensitive information in memory

CVE-2024-1383 | WPvivid Plugin up to 0.9.32 on WordPress cross site scripting

CVE-2023-23991 | WPdevelop Booking Calendar Plugin up to 9.4.3 on WordPress sql injection

CVE-2024-8562 | SourceCodester PHP CRUD 1.0 /endpoint/Add.php first_name/middle_name/last_name cross site scripting