Description
A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the argument url leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-246130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References (3)
Core 3
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.246130
Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.246130
Exploit, Third Party Advisory exploit
https://drive.google.com/file/d/1DUSlAxTbNLBdv1aLUAn-tDMu6Z1rHYH8/view
Scores
CVSS v3
7.2
EPSS
0.0952
EPSS Percentile
94.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
tecno-mobile/tr118_firmware
tr118-m30e-rr-d-enfrarswhapo-op-v008-20220830
Published
Nov 27, 2023
Tracked Since
Feb 18, 2026