CVE-2024-9793

MEDIUM EPSS 97.3%

Published Oct 10, 20241y ago · Modified Jun 17, 20261w ago

5.3 CVSS 4.0

Medium

Published Oct 10, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Base Score

5.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

97.3% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-77 Command Injection Injection

CWE-78 OS Command Injection Injection

Affected Products 2

Vendor	Product	Version	Range
tenda	ac1206_firmware	15.03.06.23	any
tenda	ac1206	*	any

References 6

github.com https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md

ExploitThird Party Advisory
github.com https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_004/report.md

ExploitThird Party Advisory
vuldb.com https://vuldb.com/?ctiid.279946

Permissions RequiredVDB Entry
vuldb.com https://vuldb.com/?id.279946

Third Party AdvisoryVDB Entry
vuldb.com https://vuldb.com/?submit.418061

Third Party AdvisoryVDB Entry
tenda.com.cn https://www.tenda.com.cn/

Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.