How severe is CVE-2024-34338?

CVE-2024-34338 has a CVSS v3 score of 7.2 (HIGH).

CVE-2024-34338

Name: o3
Author: tenda

7.2HIGH

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execut

发布于: 5/14/2024更新于: 6/30/2025

描述

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability.

AI分析AI驱动

受影响产品

tendao3_firmware

1.0.0.10

tendao3

2.0

tendao3_firmware

1.0.0.12

tendao3

2.0

参考资料

http://exzettabyte.me/blind-command-injection-in-tenda-o3v2
ExploitThird Party Advisory
http://exzettabyte.me/blind-command-injection-in-tenda-o3v2
ExploitThird Party Advisory