CVE-2024-10697
Published: 02 November 2024
Summary
CVE-2024-10697 is a medium-severity Injection (CWE-74) vulnerability in Tenda Ac6 Firmware. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked in the top 0.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2024-10697 is a command injection vulnerability affecting the Tenda AC6 router running firmware version 15.03.05.19. It exists in the formWriteFacMac function of the /goform/WriteFacMac API endpoint, where unsanitized input to the mac argument permits execution of arbitrary operating system commands. The flaw is tracked under CWE-74 and CWE-77 and carries a CVSS 4.0 score of 5.3.
An authenticated attacker with low privileges can trigger the issue remotely by submitting a crafted mac value to the endpoint; no user interaction is required. The CVSS vector rates the impact on confidentiality, integrity, and availability as low (limited), which is why the score lands at Medium even though the outcome is OS command execution on the device.
Public proof-of-concept code has been released, and the EPSS score has peaked at 0.8311 (its observed maximum). The listed references include a detailed technical write-up and the vendor site but give no information on available patches or recommended mitigations. Until a vendor fix is confirmed, the practical exposure reduction is the usual one for router flaws that require credentials: keep the management interface off the WAN and replace default credentials.
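The weakness class behind this entry (CWE-77) is easiest to see as code. The following is an added example written for this page, not Tenda's firmware and not a reproduction of the real formWriteFacMac handler: a hypothetical goform-style routine that splices a user-supplied mac parameter into a shell command, beside a hardened version that validates the value against the expected MAC format before building anything. The function names, the `ifconfig ... hw ether` command string, and the sample inputs are all assumptions.

```c
/* Added example (hypothetical handler); not Tenda's code. Illustrates
 * CWE-77: an untrusted "mac" argument spliced into a shell command line,
 * next to a hardened variant that whitelists the value first. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Strict format check: exactly "xx:xx:xx:xx:xx:xx" with hex digits.
 * Anything else (shell metacharacters included) is rejected outright. */
bool is_valid_mac(const char *mac)
{
    if (mac == NULL || strlen(mac) != 17)
        return false;
    for (int i = 0; i < 17; i++) {
        if (i % 3 == 2) {               /* positions 2,5,8,11,14 are ':' */
            if (mac[i] != ':')
                return false;
        } else if (!isxdigit((unsigned char)mac[i])) {
            return false;
        }
    }
    return true;
}

/* Vulnerable pattern: the parameter goes straight into the command line.
 * A value such as "00:11:22:33:44:55;id" keeps its ';', so whatever follows
 * the MAC is executed by system()/popen(). This only builds the string and
 * deliberately never executes it. Returns the length, or -1 on truncation. */
int build_cmd_unsafe(char *out, size_t outlen, const char *mac)
{
    int n = snprintf(out, outlen, "ifconfig eth0 hw ether %s", mac);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Hardened pattern: validate before use; on failure return -1 and leave the
 * buffer empty. The stronger fix is to avoid the shell entirely (e.g. set
 * the address via an ioctl), with this whitelist kept as defense in depth. */
int build_cmd_safe(char *out, size_t outlen, const char *mac)
{
    if (outlen)
        out[0] = '\0';
    if (!is_valid_mac(mac))
        return -1;
    return build_cmd_unsafe(out, outlen, mac);
}

int main(void)
{
    char cmd[128];
    const char *benign  = "00:11:22:33:44:55";      /* constructed input */
    const char *hostile = "00:11:22:33:44:55;id";   /* constructed input */

    build_cmd_unsafe(cmd, sizeof cmd, hostile);
    printf("unsafe : %s\n", cmd);                   /* ';id' survives */
    printf("safe   : rc=%d for benign\n",  build_cmd_safe(cmd, sizeof cmd, benign));
    printf("safe   : rc=%d for hostile\n", build_cmd_safe(cmd, sizeof cmd, hostile));
    return 0;
}
```

The same is_valid_mac test is what a WAF rule or log-monitoring check for this kind of endpoint reduces to: any request whose mac value is not 17 characters of hex and colons is worth flagging, regardless of which metacharacter it carries.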
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-33251
Vulnerability details
A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
- CWE(s): CWE-74 (Injection), CWE-77 (Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Because the vulnerability lets a remote caller run arbitrary OS commands on the router by manipulating the 'mac' parameter of /goform/WriteFacMac, it maps to Network Device CLI (T1059.008). VulDB additionally notes Indirect Command Execution (T1202), and the network-reachable trigger corresponds to Exploitation of Remote Services (T1210).
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Developer assessments and testing (including injection-focused techniques such as fuzzing request parameters with shell metacharacters) identify improper neutralization of special elements, and verifiable flaw remediation corrects them before deployment.
- Anomaly and attack monitoring identifies indicators of injection attacks (command, SQL, LDAP, etc.), for example request parameters that do not match the format the endpoint expects.