CVE-2021-27691

Published: Apr 15, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" function executes glibc's system function with untrusted input.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://hackmd.io/%40aZYpdinUS2SD-yhAeHwOkw/rkhTCGzMd

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-27691

Description

Affected Products

References