How severe is CVE-2024-34338?

CVE-2024-34338 has a CVSS v3 score of 7.2 (HIGH).

CVE-2024-34338

Name: o3
Author: tenda

7.2HIGH

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execut

게시됨: 5/14/2024업데이트됨: 6/30/2025

설명

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability.

AI 분석AI 기반

영향받는 제품

tendao3_firmware

1.0.0.10

tendao3

2.0

tendao3_firmware

1.0.0.12

tendao3

2.0

참조

http://exzettabyte.me/blind-command-injection-in-tenda-o3v2
ExploitThird Party Advisory
http://exzettabyte.me/blind-command-injection-in-tenda-o3v2
ExploitThird Party Advisory