{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T09:06:56.281","vulnerabilities":[{"cve":{"id":"CVE-2024-9793","sourceIdentifier":"cna@vuldb.com","published":"2024-10-10T16:15:09.080","lastModified":"2026-06-17T08:25:16.330","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"es","value":"Se ha detectado una vulnerabilidad clasificada como crítica en Tenda AC1206 hasta la versión 15.03.06.23. Esta vulnerabilidad afecta a la función ate_iwpriv_set/ate_ifconfig_set del archivo /goform/ate. La manipulación conduce a la inyección de comandos. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse. Se contactó al proveedor con antelación sobre esta revelación, pero no respondió de ninguna manera."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Tenda","product":"AC1206","versions":[{"version":"15.03.06.0","status":"affected"},{"version":"15.03.06.1","status":"affected"},{"version":"15.03.06.2","status":"affected"},{"version":"15.03.06.3","status":"affected"},{"version":"15.03.06.4","status":"affected"},{"version":"15.03.06.5","status":"affected"},{"version":"15.03.06.6","status":"affected"},{"version":"15.03.06.7","status":"affected"},{"version":"15.03.06.8","status":"affected"},{"version":"15.03.06.9","status":"affected"},{"version":"15.03.06.10","status":"affected"},{"version":"15.03.06.11","status":"affected"},{"version":"15.03.06.12","status":"affected"},{"version":"15.03.06.13","status":"affected"},{"version":"15.03.06.14","status":"affected"},{"version":"15.03.06.15","status":"affected"},{"version":"15.03.06.16","status":"affected"},{"version":"15.03.06.17","status":"affected"},{"version":"15.03.06.18","status":"affected"},{"version":"15.03.06.19","status":"affected"},{"version":"15.03.06.20","status":"affected"},{"version":"15.03.06.21","status":"affected"},{"version":"15.03.06.22","status":"affected"},{"version":"15.03.06.23","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"tenda","product":"ac1206_firmware","defaultStatus":"unknown","cpes":["cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThanOrEqual":"15.03.06.23","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-10T16:09:15.570083Z","id":"CVE-2024-9793","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*","matchCriteriaId":"787A50A1-EDBC-44EB-8CF2-11C4FC63719D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*","matchCriteriaId":"29D5013D-520A-461A-95FF-43B2BE160F91"}]}]}],"references":[{"url":"https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_004/report.md","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/?ctiid.279946","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vuldb.com/?id.279946","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/?submit.418061","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.tenda.com.cn/","source":"cna@vuldb.com","tags":["Product"]}]}}]}