CVE-2017-9138

There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password.

Published: May 22, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-9138
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.7
AV:A/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
tendacn / f1200_firmware	-	1.2.0.19.x
tendacn / fh1202_firmware	-	1.2.0.19.x
tendacn / f1202_firmware	-	1.2.0.19.x

http://www.tendacn.com/en/2017.html

Vulnerability Database

290,020

CVE-2017-9138