1. Home
  2. CVE Database
  3. CVE-2017-16923
HIGH · 8.8

CVE-2017-16923

Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC...

Vulnerability Description

Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
TendaAc9 Firmwareus_ac9v1.0br_v15.03.05.14_multi_td01
TendaAc9-
TendaAc15 Firmwareus_ac15v1.0br_v15.03.05.18_multi_td01
TendaAc15-
TendaAc18 Firmwareus_ac18v1.0br_v15.03.05.05_multi_td01
TendaAc18-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2017-16923?

CVE-2017-16923 is a vulnerability with a CVSS score of 8.8 (HIGH). Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC...

How severe is CVE-2017-16923?

CVE-2017-16923 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-16923?

Check the references section above for vendor advisories and patch information. Affected products include: Tenda Ac9 Firmware, Tenda Ac9, Tenda Ac15 Firmware, Tenda Ac15, Tenda Ac18 Firmware.