CVE-2023-51098

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 26, 2023

Updated: Dec 30, 2023

CWE ID 78

Summary

CVE-2023-51098 is a command injection vulnerability affecting Tenda W9 V1.0.0.7(4456)_CN. Hackers can exploit the function formSetDiagnoseInfo to inject and execute malicious commands on the targeted device. Successful exploitation could result in unauthorized access, data theft, or system damage. Users are advised to update their devices to the latest firmware or contact Tenda support for assistance. This vulnerability underscores the importance of regularly patching and securing IoT devices.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Shenzhen Tenda Technology Co. Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t1yRj3
https://www.cve.org/CVERecord?id=CVE-2023-51098
https://nvd.nist.gov/vuln/detail/CVE-2023-51098

Back to Vulnerability Database

CVE-2023-51098

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations