cvedb.io
CVE-2018-16334
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-09-02T03:29:00.760 · Last modified 2026-06-17T01:44:06.483

Summary

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.

Affected products

tendacn — ac10_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when tendacn ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.