CVE: CVE-2020-10987

Export to Word

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.93271
Percentile: 0.99797

CVSS Scoring

CVSS v3.1 Score: 9.8

Severity: CRITICAL

KEV is present

Mapped CWE(s)

CWE-78 : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

All CAPEC(s)

CAPEC-108: Command Line Execution through SQL Injection
CAPEC-15: Command Delimiters
CAPEC-43: Exploiting Multiple Input Interpretation Layers
CAPEC-6: Argument Injection
CAPEC-88: OS Command Injection

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*

← Back to Home