1. Home
  2. CVE Database
  3. CVE-2017-9138
HIGH · 8.0

CVE-2017-9138

There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intend...

Vulnerability Description

There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password.

CVSS Score

8.0

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
TendacnF1200 Firmware<= 1.2.0.19
TendacnF1200-
TendacnFh1202 Firmware<= 1.2.0.19
TendacnFh1202-
TendacnF1202 Firmware<= 1.2.0.19
TendacnF1202-

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2017-9138?

CVE-2017-9138 is a vulnerability with a CVSS score of 8.0 (HIGH). There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intend...

How severe is CVE-2017-9138?

CVE-2017-9138 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-9138?

Check the references section above for vendor advisories and patch information. Affected products include: Tendacn F1200 Firmware, Tendacn F1200, Tendacn Fh1202 Firmware, Tendacn Fh1202, Tendacn F1202 Firmware.