CVE-2024-39963
HIGH
Tenda AX9 and AX12 Firmware V22.03.01.46 - Authenticated Remote Code Execution via macFilterType Parameter
Title source: llmDescription
AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg.
References (1)
Core References
Exploit, Third Party Advisory
https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57
Scores
CVSS v3
8.0
EPSS
0.0125
EPSS Percentile
79.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (2)
tenda/ax12_firmware
22.03.01.46
tenda/ax9_firmware
22.03.01.46
Published
Jul 19, 2024
Tracked Since
Feb 18, 2026