2023-08-30 00:00:00
mitre
PUBLISHED
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function sub_ADD50 contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands.