CVE-2021-44971

moderate-risk

Published 2022-01-28

Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.

Do I need to act?

2.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (2)

Ac15 Firmware

Ac5 Firmware

Affected Vendors

Tenda

References (6)

Broken Link http://ac15v10.com

Vendor Advisory http://tenda.com

Broken Link https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md

Broken Link http://ac15v10.com

Vendor Advisory http://tenda.com

Broken Link https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 5/34 · Minimal

Exposure 7/34 · Low