CVE-2021-44971
CRITICALTenda AC15 and AC5 Firmware - Authentication Bypass
Title source: llmDescription
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
http://tenda.com
Broken Link, URL Repurposed x_refsource_misc
http://ac15v10.com
Broken Link x_refsource_misc
https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md
Scores
CVSS v3
9.8
EPSS
0.0276
EPSS Percentile
84.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-697
Status
published
Products (2)
tenda/ac15_firmware
15.03.05.20_multi
tenda/ac5_firmware
15.03.06.48_multi
Published
Jan 28, 2022
Tracked Since
Feb 18, 2026