Unrated severityCISA KEVNVD Advisory· Published Oct 30, 2018· Updated Oct 21, 2025

CVE-2018-14558

Description

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-01/Tenda.mdmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.063
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000