CVE-2020-10987

CRITICAL KEV NUCLEI

Tenda AC15 AC1900 <15.03.05.19 - RCE

Title source: llm

Exploitation Summary

CVE-2020-10987 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 1 public exploit from researchers including Jaden-Bowers. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository provides a detailed write-up on emulating the Tenda AC15 (V15.03.05.19) firmware's webserver using QEMU and exploiting CVE-2020-10987, a command injection vulnerability in the `/goform/setUsbUnload` handler. It includes steps for filesystem extraction, reverse engineering, and setting up the emulation environment.

Description

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.

Exploits (1)

nomisec WRITEUP
by Jaden-Bowers · poc
https://github.com/Jaden-Bowers/Tenda-Router-VR-and-Exploit

Classification: Writeup 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Tenda AC15 V15.03.05.19
No auth needed
Prerequisites: Access to the firmware image or extracted filesystem · QEMU setup for ARM emulation · Basic reverse engineering tools like Ghidra
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Tenda AC15 AC1900 version 15.03.05.19 - Command Injection
CRITICAL by pussycat0x
Shodan: http.title:"tenda wifi"

Scores

CVSS v3 9.8
EPSS 0.7967
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2020-11-06
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-3386
CWE CWE-78
Status published
Products (1)
tenda/ac15_firmware 15.03.05.19
Published Jul 13, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026