How severe is CVE-2024-34338?

CVE-2024-34338 has a CVSS v3 score of 7.2 (HIGH).

CVE-2024-34338

Name: o3
Author: tenda

7.2HIGH

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execut

Published: 5/14/2024Updated: 6/30/2025

Description

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability.

AI AnalysisPowered by AI

Affected Products

tendao3_firmware

1.0.0.10

tendao3

2.0

tendao3_firmware

1.0.0.12

tendao3

2.0

References

http://exzettabyte.me/blind-command-injection-in-tenda-o3v2
ExploitThird Party Advisory
http://exzettabyte.me/blind-command-injection-in-tenda-o3v2
ExploitThird Party Advisory