VYPR
Unrated severityNVD Advisory· Published Apr 15, 2021· Updated Aug 3, 2024

CVE-2021-27692

CVE-2021-27692

Description

Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doSystemCmd" function with untrusted input.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Tenda/G1 and G3 routersdescription
  • Enterasys/G3llm-fuzzy
    Range: = v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN
  • Range: = v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.