This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Command Injection in Tenda AC6 Router. **Consequences**: Attackers can execute arbitrary system commands, leading to full device compromise, data theft, or network disruption.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: **CWE-77** (Command Injection). The flaw lies in the `WriteFacMac` API endpoint where user-supplied parameters are not properly sanitized before being passed to system commands.
Q3 Who is affected? (Versions/Components)
**Affected**: **Tenda AC6** Router. Specifically, firmware version **15.03.05.19**. Other versions may be safe, but this specific build is vulnerable.
Q4 What can hackers do? (Privileges/Data)
**Attacker Capabilities**: With access, hackers gain **Low-Level Privileges** (CVSS: C:L, I:L, A:L).…
**Exploitation Threshold**: **Medium**. Requires **Local Privileges** (PR:L). You must be authenticated on the local network to exploit this. It is not remotely exploitable from the internet without prior auth.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exploit**: **Yes**. A PoC exists on GitHub (`theRaz0r/iot-mycve`) targeting the `WriteFacMac` endpoint. This increases the risk of automated scanning and exploitation.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Scan for Tenda AC6 devices running firmware **15.03.05.19**. Check if the `WriteFacMac` API endpoint is accessible and if input validation is missing.…
**No Patch Workaround**: **Isolate the device**. Place the router on a separate VLAN. Disable remote management. If possible, restrict access to the admin interface to trusted IPs only.…
**Urgency**: **High Priority**. Although it requires local auth, the existence of a public PoC and the critical nature of router control make it urgent to patch or mitigate immediately to prevent lateral movement.