Vulnerability Description
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | Ac9 Firmware | us_ac9v1.0br_v15.03.05.14_multi_td01 |
| Tenda | Ac9 | - |
| Tenda | Ac15 Firmware | us_ac15v1.0br_v15.03.05.18_multi_td01 |
| Tenda | Ac15 | - |
| Tenda | Ac18 Firmware | us_ac18v1.0br_v15.03.05.05_multi_td01 |
| Tenda | Ac18 | - |
Related Weaknesses (CWE)
References
- https://github.com/Iolop/Poc/tree/master/Router/TendaIssue TrackingThird Party Advisory
- https://github.com/Iolop/Poc/tree/master/Router/TendaIssue TrackingThird Party Advisory
FAQ
What is CVE-2017-16936?
CVE-2017-16936 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_...
How severe is CVE-2017-16936?
CVE-2017-16936 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-16936?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda Ac9 Firmware, Tenda Ac9, Tenda Ac15 Firmware, Tenda Ac15, Tenda Ac18 Firmware.