CVE-2023-49436

CRITICAL

Tenda AX9 V22.03.01.46 - OS Command Injection via SetNetControlList list Parameter

Title source: llm
STIX 2.1

Description

Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0442
EPSS Percentile 89.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (1)
tenda/ax9_firmware 22.03.01.46
Published Dec 07, 2023
Tracked Since Feb 18, 2026