CVE-2023-30135
Tenda AC18 Unauthorized command injection
1. Affected version:
Tenda ac18_kf_V15.03.05.19(6318_)_cn
2. Firmware download address
3. Vulnerability details
The function "setUsbUnload" contains a command injection vulnerability. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
4. Recurring vulnerabilities and POC
5. Author
Drizzling_Sun @KRlab

