CVE-2017-9138

HIGH

Tenda Router <1.2.0.20 - Command Injection

Title source: llm

Description

There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router over a wired or wireless connection, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change the router's username and password.

References (1)

Core References
Vendor Advisory x_refsource_misc
http://www.tendacn.com/en/2017.html

Scores

CVSS v3 8.0
EPSS 0.0069
EPSS Percentile 48.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (3)
tendacn/f1200_firmware < 1.2.0.19
tendacn/f1202_firmware < 1.2.0.19
tendacn/fh1202_firmware < 1.2.0.19
Published May 21, 2017
Tracked Since Feb 18, 2026