CVE-2017-16936

moderate-risk

Published 2017-11-24

Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring.

Do I need to act?

0.85% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (6)

Ac9 Firmware

Ac15 Firmware

Ac18 Firmware

Ac9 Firmware

Ac15 Firmware

Ac18 Firmware

Affected Vendors

Tenda

References (2)

Issue Tracking https://github.com/Iolop/Poc/tree/master/Router/Tenda

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 3/34 · Minimal

Exposure 13/34 · Low