Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-42634

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.

Published

2024-08-16T16:15:06.670

Last Modified

2025-04-11T15:13:25.360

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tenda	ac9_firmware	15.03.06.42	Yes
Hardware	tenda	ac9	-	No

References

https://github.com/goldds96/Report/blob/main/Tenda/AC9/CI.md Exploit, Third Party Advisory ([email protected])