CVE-2020-10987 Scanner

CVE-2020-10987 Scanner - Command Injection vulnerability in Tenda AC15 AC1900

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

18 days 10 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

The Tenda AC15 AC1900 is a wireless router widely used in home and small office settings to provide internet connectivity. Manufactured by Tenda, a leading networking device provider, the router supports high-speed wireless AC technology. Users can employ this router to facilitate simultaneous connections for multiple devices, enhancing network efficiency. It features a user-friendly interface, which makes it accessible for both tech-savvy individuals and general consumers. Additionally, the router offers advanced settings to modify network security and performance parameters. However, like many connected devices, it can be susceptible to security vulnerabilities if not properly updated and configured.

The Command Injection vulnerability in Tenda AC15 AC1900 allows remote attackers to execute arbitrary system commands on the device. The vulnerability exists in the goform/setUsbUnload endpoint, specifically targeting the deviceName POST parameter. This flaw is classified as critical, due to the potential impact on confidentiality, integrity, and availability of the system. If successfully exploited, an attacker could control the router remotely without needing prior authentication. It underscores the importance of securing network devices and updating firmware regularly to prevent exploitation.

Technical details reveal that the goform/setUsbUnload endpoint is exploited through a crafted POST request. The deviceName parameter is manipulated to include malicious commands encapsulated with special characters. These commands are executed in the underlying system shell, granting attackers unauthorized control over the device. The vulnerability arises because input validation on the deviceName parameter is insufficient, making it prone to code execution. Utilizing tools like interactsh can validate the presence of the vulnerability by confirming command execution remotely. The risk is exacerbated by the endpoint being reachable externally, posing a significant security threat.

If exploited, this vulnerability can have severe consequences. An attacker could disrupt network services, steal sensitive data, or leverage the device for launching further attacks. Network integrity could be compromised, affecting all users connected to the router. Permanent damage to the router's firmware might occur, potentially requiring a device reset or replacement. Moreover, compromised routers can be used as entry points to wider network infiltration, posing risks to additional connected systems. This vulnerability amplifies concerns about consumer-grade devices being utilized in security-sensitive environments without proper safeguards.

Get started to protecting your digital assets