CVE-2022-30023

HIGH · EXPLOITED IN THE WILD

Tenda HG9 Firmware 1.0.1 - OS Command Injection via Ping Function

Exploitation Summary

CVE-2022-30023 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including Haniwa0x01.

AI-analyzed exploit summary: This is a functional exploit for CVE-2022-30023, an authenticated command injection vulnerability in Tenda HG9 routers. It authenticates to the router and executes arbitrary commands via a crafted payload in the ping functionality.

Description

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.

Exploits (1)

nomisec · WORKING POC · 8 stars
by Haniwa0x01 · remote-auth
https://github.com/Haniwa0x01/CVE-2022-30023

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Tenda HG9 Router
Auth required
Prerequisites: Network access to the target router · Valid credentials for the router
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Not Applicable, x_refsource_misc: http://tenda.com
Not Applicable, x_refsource_misc: http://ont.com
Exploit, Third Party Advisory, x_refsource_misc: https://github.com/Haniwa0x01/CVE-2022-30023

Scores

CVSS v3 8.8
EPSS 0.4268
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-12-21
InTheWild.io 2022-12-21
CWE CWE-78
Status published
Products (1)
tenda/hg9_firmware 1.0.1
Published Jun 16, 2022
Tracked Since Feb 18, 2026