CVE-2022-40847: n/a in n/a
In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter.
AI Analysis
Technical Summary
CVE-2022-40847 is a command injection vulnerability identified in the Tenda AC1200 Router model W15Ev2 running firmware version V15.11.0.10(1576). The vulnerability exists in the function formSetFixTools, which improperly handles the hostname parameter. An attacker with low privileges and local access can exploit this flaw by injecting arbitrary commands through the hostname parameter, which the router executes on the underlying system. This leads to full compromise of the device, allowing an attacker to execute arbitrary code with high privileges. The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), indicating that user input is not properly sanitized before being passed to system commands. The CVSS v3.1 base score is 7.8 (high severity), with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, meaning the attack requires local access but low complexity and privileges, no user interaction, and results in high impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported, and no patches or vendor advisories are currently linked. The vulnerability allows attackers to take full control of the router, potentially leading to network compromise, interception of traffic, or pivoting to other internal systems.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those using Tenda AC1200 W15Ev2 routers in their network infrastructure. Exploitation can lead to complete device takeover, enabling attackers to intercept, modify, or redirect network traffic, potentially compromising sensitive data and internal communications. The router compromise can also serve as a foothold for lateral movement within corporate networks, increasing the risk of broader network breaches. Given the high impact on confidentiality, integrity, and availability, critical business operations relying on these routers could be disrupted. Additionally, compromised routers can be used as part of botnets or for launching further attacks, affecting organizational reputation and compliance with data protection regulations such as GDPR. The requirement for local or adjacent network access limits remote exploitation but does not eliminate risk, as attackers may gain local access through phishing, insider threats, or compromised devices within the network.
Mitigation Recommendations
Organizations should first inventory their network devices to identify the presence of Tenda AC1200 W15Ev2 routers running the vulnerable firmware version. Since no official patches are currently linked, immediate mitigation includes restricting physical and network access to these devices, especially limiting access to trusted administrators only. Network segmentation should be enforced to isolate vulnerable routers from critical systems and sensitive data. Implement strict access controls and monitoring on management interfaces to detect and prevent unauthorized access attempts. Consider replacing vulnerable routers with models from vendors providing timely security updates. Additionally, monitor network traffic for unusual patterns that may indicate exploitation attempts. If feasible, disable or restrict the functionality related to the formSetFixTools function or the hostname parameter through configuration changes or firewall rules. Regularly review vendor communications for updates or patches addressing this vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
CVE-2022-40847: n/a in n/a
Description
In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter.
AI-Powered Analysis
Technical Analysis
CVE-2022-40847 is a command injection vulnerability identified in the Tenda AC1200 Router model W15Ev2 running firmware version V15.11.0.10(1576). The vulnerability exists in the function formSetFixTools, which improperly handles the hostname parameter. An attacker with low privileges and local access can exploit this flaw by injecting arbitrary commands through the hostname parameter, which the router executes on the underlying system. This leads to full compromise of the device, allowing an attacker to execute arbitrary code with high privileges. The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), indicating that user input is not properly sanitized before being passed to system commands. The CVSS v3.1 base score is 7.8 (high severity), with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, meaning the attack requires local access but low complexity and privileges, no user interaction, and results in high impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported, and no patches or vendor advisories are currently linked. The vulnerability allows attackers to take full control of the router, potentially leading to network compromise, interception of traffic, or pivoting to other internal systems.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those using Tenda AC1200 W15Ev2 routers in their network infrastructure. Exploitation can lead to complete device takeover, enabling attackers to intercept, modify, or redirect network traffic, potentially compromising sensitive data and internal communications. The router compromise can also serve as a foothold for lateral movement within corporate networks, increasing the risk of broader network breaches. Given the high impact on confidentiality, integrity, and availability, critical business operations relying on these routers could be disrupted. Additionally, compromised routers can be used as part of botnets or for launching further attacks, affecting organizational reputation and compliance with data protection regulations such as GDPR. The requirement for local or adjacent network access limits remote exploitation but does not eliminate risk, as attackers may gain local access through phishing, insider threats, or compromised devices within the network.
Mitigation Recommendations
Organizations should first inventory their network devices to identify the presence of Tenda AC1200 W15Ev2 routers running the vulnerable firmware version. Since no official patches are currently linked, immediate mitigation includes restricting physical and network access to these devices, especially limiting access to trusted administrators only. Network segmentation should be enforced to isolate vulnerable routers from critical systems and sensitive data. Implement strict access controls and monitoring on management interfaces to detect and prevent unauthorized access attempts. Consider replacing vulnerable routers with models from vendors providing timely security updates. Additionally, monitor network traffic for unusual patterns that may indicate exploitation attempts. If feasible, disable or restrict the functionality related to the formSetFixTools function or the hostname parameter through configuration changes or firewall rules. Regularly review vendor communications for updates or patches addressing this vulnerability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-09-19T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d983bc4522896dcbee07d
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 7/2/2025, 4:30:05 AM
Last updated: 8/18/2025, 10:58:48 AM
Views: 11
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.