VYPR
Unrated severityNVD Advisory· Published May 9, 2024· Updated Feb 13, 2025

CVE-2024-34338

CVE-2024-34338

Description

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Tenda/O3V2cpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: V1.0.0.10, V1.0.0.12

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.