CVE-2017-9138
Last modified
CVE-2017-9138 is a vulnerability of currently unknown severity. There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password.. EPSS estimates a 0.69% chance of exploitation in the next 30 days.
Description
There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tendacn | F1200 Firmware | <= 1.2.0.19 |
| Tendacn | Fh1202 Firmware | <= 1.2.0.19 |
| Tendacn | F1202 Firmware | <= 1.2.0.19 |
References
- http://www.tendacn.com/en/2017.htmlVendor Advisory
- http://www.tendacn.com/en/2017.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-9138?
How severe is CVE-2017-9138?
How do I fix CVE-2017-9138?
Are you affected by CVE-2017-9138?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST