ID
VAR-201310-0798
TITLE
Tenda wireless router remote command execution backdoor vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2013-13948
DESCRIPTION
Tenda is a network equipment provider in Shenzhen. There are backdoors in Tenda's W330R and W302R wireless router firmware latest versions and Medialink MWN-WAPR150N. The vulnerability can be exploited through a UDP packet. If the device receives a packet starting with the string "w302r_mfg", it can trigger the vulnerability to execute various commands, and even execute any command with root privileges.
Trust: 0.6
sources:
CNVD: CNVD-2013-13948
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2013-13948
AFFECTED PRODUCTS
| vendor: | - | model: | tenda technology co.,ltd. w302r | scope: | - | version: | - | Trust: 0.6 |
| vendor: | - | model: | tenda technology co.,ltd. w330r | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2013-13948
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2013-13948
PATCH
| title: | Patch for Tenda wireless router remote command execution backdoor vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/45241 | Trust: 0.6 |
sources:
CNVD: CNVD-2013-13948
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2013-13948 | Trust: 0.6 |
sources:
CNVD: CNVD-2013-13948
REFERENCES
| url: | http://www.devttys0.com/2013/10/from-china-with-love/ | Trust: 0.6 |
sources:
CNVD: CNVD-2013-13948
SOURCES
| db: | CNVD | id: | CNVD-2013-13948 |
LAST UPDATE DATE
2022-05-04T10:23:11.880000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-13948 | date: | 2020-03-10T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-13948 | date: | 2013-10-23T00:00:00 |