VYPR
High severity8.8NVD Advisory· Published Sep 2, 2018· Updated Jun 17, 2026

CVE-2018-16334

CVE-2018-16334

Description

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.

Affected products

2
  • Tenda/AC9llm-fuzzy
    Range: = V15.03.05.19(6318)_CN
  • Tenda/AC10llm-fuzzy
    Range: = V15.03.06.23_CN

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.