CVE-2017-16923 : Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US

Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.

Published 2017-11-21 14:29:00

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2017-16923

Tenda » Ac9 Firmware » Version: Us Ac9v1.0br V15.03.05.14 Multi Td01
cpe:2.3:o:tenda:ac9_firmware:us_ac9v1.0br_v15.03.05.14_multi_td01:*:*:*:*:*:*:*
Matching versions
When used together with: Tenda » AC9 » Version: N/A
Tenda » Ac9 Firmware » Version: Ac9 Kf V15.03.05.19(6318 ) Cn
cpe:2.3:o:tenda:ac9_firmware:ac9_kf_v15.03.05.19\(6318_\)_cn:*:*:*:*:*:*:*
Matching versions
When used together with: Tenda » AC9 » Version: N/A
Tenda » Ac15 Firmware » Version: Us Ac15v1.0br V15.03.05.18 Multi Td01
cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.18_multi_td01:*:*:*:*:*:*:*
Matching versions
When used together with: Tenda » Ac15 » Version: N/A
Tenda » Ac15 Firmware » Version: Us Ac15v1.0br V15.03.05.19 Multi Td01
cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.19_multi_td01:*:*:*:*:*:*:*
Matching versions
When used together with: Tenda » Ac15 » Version: N/A
Tenda » Ac18 Firmware » Version: Us Ac18v1.0br V15.03.05.05 Multi Td01
cpe:2.3:o:tenda:ac18_firmware:us_ac18v1.0br_v15.03.05.05_multi_td01:*:*:*:*:*:*:*
Matching versions
When used together with: Tenda » Ac18 » Version: N/A
Tenda » Ac18 Firmware » Version: Ac18 Kf V15.03.05.19(6318 ) Cn
cpe:2.3:o:tenda:ac18_firmware:ac18_kf_v15.03.05.19\(6318_\)_cn:*:*:*:*:*:*:*
Matching versions
When used together with: Tenda » Ac18 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-16923

EPSS FAQ

3.47%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-16923

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.3	HIGH	AV:A/AC:L/Au:N/C:C/I:C/A:C	6.5	10.0	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-16923

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-16923

https://github.com/Iolop/Poc/tree/master/Router/Tenda

Poc/Router/Tenda at master · Iolop/Poc · GitHub
Issue Tracking;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-16923

Products affected by CVE-2017-16923

Exploit prediction scoring system (EPSS) score for CVE-2017-16923

CVSS scores for CVE-2017-16923

CWE ids for CVE-2017-16923

References for CVE-2017-16923