Cyber Resilience

CVE-2024-10697

Severity: Medium · Public PoC

Published: 02 November 2024
Modified: 05 April 2025
KEV Added: not listed
Patch: none listed
CVSS Score (v4): 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.8311 (99.3rd percentile)
Risk Priority: 60 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-10697 is a medium-severity Injection (CWE-74) vulnerability in Tenda AC6 firmware. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008). The CVE ranks in the top 0.7% of all CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

CVE-2024-10697 is a command injection vulnerability affecting the Tenda AC6 router running firmware version 15.03.05.19. It exists in the formWriteFacMac function of the /goform/WriteFacMac API endpoint, where unsanitized input to the mac argument permits execution of arbitrary operating system commands. The flaw is tracked under CWE-74 and CWE-77 and carries a CVSS 4.0 score of 5.3.

An authenticated attacker with low privileges can trigger the issue remotely by submitting a malicious mac value to the endpoint. Successful exploitation has a low (limited) impact on the confidentiality, integrity, and availability of the device and requires no user interaction.
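The remediation a practitioner would expect for a flaw of this shape is strict allow-list validation of the mac parameter before it reaches any command or configuration write. The following is an added illustration, not Tenda's code and not from the page's references; parse_mac() and canonical_mac() are assumed names. Only the canonical 17-character form is ever passed on, so a value carrying appended shell syntax is rejected outright rather than neutralized.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added illustration (hypothetical names, not Tenda's code): strict
 * allow-list handling of a "mac" request parameter before any use. */

static int hexval(int c) {            /* hex digit value, or -1 */
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Accept exactly "xx:xx:xx:xx:xx:xx" (or '-' used consistently) and decode
 * into out[6]. Anything else, including extra trailing bytes, returns 0. */
int parse_mac(const char *s, unsigned char out[6]) {
    if (s == NULL || strlen(s) != 17) return 0;
    char sep = s[2];
    if (sep != ':' && sep != '-') return 0;
    for (int i = 0; i < 6; i++) {
        const char *p = s + i * 3;
        int hi = hexval((unsigned char)p[0]), lo = hexval((unsigned char)p[1]);
        if (hi < 0 || lo < 0) return 0;
        if (i < 5 && p[2] != sep) return 0;
        out[i] = (unsigned char)(hi * 16 + lo);
    }
    return 1;
}

/* Re-emit the parsed bytes in one canonical lower-case form, so downstream
 * code only ever sees [0-9a-f:], never the raw request string. 0 = invalid. */
int canonical_mac(const char *s, char buf[18]) {
    unsigned char b[6];
    if (!parse_mac(s, b)) return 0;
    snprintf(buf, 18, "%02x:%02x:%02x:%02x:%02x:%02x",
             b[0], b[1], b[2], b[3], b[4], b[5]);
    return 1;
}

int main(void) {
    /* Constructed inputs: one valid, one with a shell metacharacter appended. */
    const char *inputs[] = { "AA-BB-CC-DD-EE-FF", "aa:bb:cc:dd:ee:ff;id" };
    char canon[18];
    for (int i = 0; i < 2; i++)
        printf("%-22s -> %s\n", inputs[i],
               canonical_mac(inputs[i], canon) ? canon : "rejected (HTTP 400)");
    return 0;
}
```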

Public proof-of-concept code has been released, and the EPSS score, currently 0.8311, is at its observed peak. The listed references include a detailed technical write-up and the vendor site, but contain no information on available patches or recommended mitigations.

Vulnerability details

A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection.…

The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CWE(s): CWE-74 (Injection), CWE-77 (Command Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1059.008 Network Device CLI (Execution)
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
T1202 Indirect Command Execution (Stealth)
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The command injection vulnerability in the Tenda AC6 router's /goform/WriteFacMac API endpoint allows remote arbitrary command execution by manipulating the 'mac' parameter, enabling Network Device CLI abuse (T1059.008), Indirect Command Execution (T1202 as noted by VulDB), and Exploitation of Remote Services (T1210).

Affected Assets

Vendor: tenda · Product: ac6 firmware · Version: 15.03.05.19

Mitigating Controls

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-74: Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and verifiable flaw remediation corrects them pre-deployment.

Addresses CWE-74: Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.

References