Ethical hacking specialists reported the detection of at least five critical vulnerabilities in Tenda AC15 AC1900 routers, produced by Shenzhen Tenda Technology. Exploiting these flaws would allow the deployment of multiple malicious scenarios. These flaws have not been patched.
Below are brief reports of the found flaws, in addition to their respective identification keys and scores according to the Common Vulnerability Scoring System (CVSS).
CVE-2020-10987: Incorrect input validation on the POST parameter “deviceName” on the goform/setUsbUnload endpoint would allow threat actors to pass specially designed data to execute arbitrary commands on the target system. Ethical hacking experts mention that the flaw is being actively exploited.
This failure received a score of 9.8/10 and its successful exploitation could lead to the full commitment of the affected systems.
CVE-2020-15916: Incorrect input validation on the POST parameter “lanIp” on the goform/AdvSetLanip endpoint could allow malicious hackers to pass specially designed data to execute arbitrary commands in an affected implementation.
This failure received a score of 9/10 and its successful exploitation could result in a total commitment of the vulnerable system.
CVE-2020-10986: Insufficient validation of the source of the HTTP request on the /goform/SysToolReboot endpoint would allow hackers to trick a victim into visiting a specially designed web page and performing arbitrary actions on appearance legitimate, which could lead to a device restart and even denial-of-service conditions.
The vulnerability received a score of 5.6/10, mentioned by ethical hacking experts.
CVE-2020-10989: Insufficient debugging of user input passed through the POST parameter “WifiName” on the /goform/WifiBasicSet endpoint would allow threat actors to trick victims into following specially designed links in order to execute HTML code in the victim’s browser in the context of a vulnerable website.
This vulnerability received a score of 5.6/10 and its exploitation could facilitate phishing attacks, modification of the content of a website, among other scenarios.
All reported failures reside on AC15 AC1900 v15.03.05.19.
With the exception of CVE-2020-10987, there is no indication that these failures are being exploited in real-world scenarios. However, the risk of exploitation is considerable, as these are unmediated critical vulnerabilities.