CVE-2017-16936

Published: Nov 24, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-8105 Aliases: GSD-2017-16936
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
LOW 3,3
Source: [email protected]
Access Vector: adjacent_network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0085
Percentile
0,7th
Updated

EPSS Score Trend (Last 90 Days)

22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
Operating System

Ac18 Firmware by Tenda

Product Information
Vendor Tenda
Product Ac18 Firmware
Version us_ac18v1.0br_v15.03.05.05_multi_td01
cpe:2.3:o:tenda:ac18_firmware:us_ac18v1.0br_v15.03.05.05_multi_td01:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ac9 Firmware by Tenda

Product Information
Vendor Tenda
Product Ac9 Firmware
Version ac9_kf_v15.03.05.19\(6318_\)_cn
cpe:2.3:o:tenda:ac9_firmware:ac9_kf_v15.03.05.19\(6318_\)_cn:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ac15 Firmware by Tenda

Product Information
Vendor Tenda
Product Ac15 Firmware
Version us_ac15v1.0br_v15.03.05.18_multi_td01
cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.18_multi_td01:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ac18 Firmware by Tenda

Product Information
Vendor Tenda
Product Ac18 Firmware
Version ac18_kf_v15.03.05.19\(6318_\)_cn
cpe:2.3:o:tenda:ac18_firmware:ac18_kf_v15.03.05.19\(6318_\)_cn:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ac15 Firmware by Tenda

Product Information
Vendor Tenda
Product Ac15 Firmware
Version us_ac15v1.0br_v15.03.05.19_multi_td01
cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.19_multi_td01:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ac9 Firmware by Tenda

Product Information
Vendor Tenda
Product Ac9 Firmware
Version us_ac9v1.0br_v15.03.05.14_multi_td01
cpe:2.3:o:tenda:ac9_firmware:us_ac9v1.0br_v15.03.05.14_multi_td01:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/Iolop/Poc/tree/master/Router/Tenda
Issue Tracking Third Party Advisory
https://github.com/Iolop/Poc/tree/master/Router/Tenda
https://github.com/Iolop/Poc/tree/master/Router/Tenda
Issue Tracking Third Party Advisory
https://github.com/Iolop/Poc/tree/master/Router/Tenda