CVE-2020-10987

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 26, 2020
Published Date: July 13, 2020
Last Updated: February 04, 2025
Vendor: n/a
Product: n/a
Description: The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.

CVSS Scores

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://www.ise.io/research/ https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC