CVE-2023-49437: n/a in n/a
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
AI Analysis
Technical Summary
CVE-2023-49437 is a critical command injection vulnerability identified in the Tenda AX12 router firmware version V22.03.01.46. The vulnerability exists in the handling of the 'list' parameter at the endpoint /goform/SetNetControlList. Command injection vulnerabilities occur when untrusted input is passed to a system shell or command interpreter without proper sanitization, allowing attackers to execute arbitrary commands on the affected device. In this case, the 'list' parameter is susceptible to injection, enabling an unauthenticated remote attacker to execute arbitrary commands with the privileges of the router's web service process. The CVSS v3.1 base score of 9.8 reflects the high severity, with an attack vector that is network-based (AV:N), requiring no privileges (PR:N) and no user interaction (UI:N). The impact affects confidentiality, integrity, and availability (C:H/I:H/A:H), meaning an attacker can fully compromise the device, potentially gaining control over network traffic, modifying configurations, or causing denial of service. The vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating a failure to properly sanitize input before command execution. No patches or fixes are currently linked, and no known exploits in the wild have been reported as of the publication date (December 7, 2023). However, given the critical nature and ease of exploitation, this vulnerability poses a significant risk to affected devices.
Potential Impact
For European organizations, the exploitation of this vulnerability could lead to severe consequences. Routers like the Tenda AX12 are often deployed in small to medium enterprises and home office environments, serving as critical network gateways. Successful exploitation could allow attackers to intercept, manipulate, or redirect network traffic, leading to data breaches, espionage, or disruption of business operations. The full compromise of the router could also facilitate lateral movement within internal networks, enabling further attacks on corporate assets. Additionally, compromised routers can be enlisted into botnets for distributed denial-of-service (DDoS) attacks, impacting service availability. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of exploitation. European organizations relying on Tenda AX12 devices without timely mitigation are at risk of operational disruption, data loss, and reputational damage.
Mitigation Recommendations
Given the absence of an official patch, European organizations should take immediate and specific actions:
1) Identify and inventory all Tenda AX12 routers running firmware version V22.03.01.46 within their networks.
2) Restrict access to the router management interface by implementing network segmentation and firewall rules to limit access to trusted IP addresses only.
3) Disable remote management features if enabled, to prevent external exploitation.
4) Monitor network traffic for unusual activity indicative of command injection attempts or unauthorized access.
5) Consider replacing affected devices with models from vendors that provide timely security updates if a patch is not forthcoming.
6) Engage with Tenda support channels to obtain information on forthcoming patches or mitigations.
7) Implement network-level intrusion detection/prevention systems (IDS/IPS) with signatures targeting command injection attempts on the /goform/SetNetControlList endpoint.
8) Educate IT staff on the vulnerability specifics to ensure rapid response to any suspicious activity.
These steps go beyond generic advice by focusing on immediate containment, detection, and device replacement strategies tailored to this specific vulnerability.
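Steps 2, 4 and 7 can be checked against HTTP request records from a proxy or sensor placed in front of the router. The following is an added example, not code from Tenda or from this advisory: it flags requests to /goform/SetNetControlList whose 'list' value contains shell metacharacters or that originate outside a management allowlist. The tab-separated log format, the allowlist subnet, the sample records and the assumption that legitimate 'list' values contain no shell metacharacters are all constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/SetNetControlList"  # endpoint named in the advisory
PARAM = "list"                          # parameter named in the advisory
# Assumption: management is only permitted from this constructed admin subnet.
TRUSTED = [ipaddress.ip_network("192.0.2.0/28")]
# Assumption: legitimate 'list' values never contain shell-special characters.
SHELL_META = re.compile(r"[;|&`$(){}<>\\\n\r]")

def inspect_request(src, target, body=""):
    """Return alert strings for one request; an empty list means nothing found."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != ENDPOINT:
        return []
    alerts = []
    if not any(ipaddress.ip_address(src) in net for net in TRUSTED):
        alerts.append("untrusted-source")
    # The parameter can arrive in the query string or a form-encoded body.
    # parse_qs percent-decodes, so %3B and a literal ';' are treated alike.
    for raw in (parts.query, body):
        for value in parse_qs(raw, keep_blank_values=True).get(PARAM, []):
            found = "".join(sorted(set(SHELL_META.findall(value))))
            if found:
                alerts.append("shell-metacharacters:" + repr(found))
    return alerts

def scan_log(lines):
    """Scan tab-separated 'src, method, target, body' records (constructed format)."""
    report = {}
    for number, line in enumerate(lines, start=1):
        src, _method, target, body = line.rstrip("\n").split("\t")
        alerts = inspect_request(src, target, body)
        if alerts:
            report[number] = alerts
    return report

# Constructed sample records, not captured traffic.
SAMPLE_LOG = [
    "192.0.2.5\tPOST\t/goform/SetNetControlList\tlist=example-entry",
    "192.0.2.5\tPOST\t/goform/SetNetControlList\tlist=example%3BCMD",
    "203.0.113.9\tPOST\t/goform/SetNetControlList\tlist=example%60CMD%60",
    "203.0.113.9\tGET\t/index.html?list=a%3Bb\t",
]

if __name__ == "__main__":
    for number, alerts in scan_log(SAMPLE_LOG).items():
        print(number, alerts)
```

Narrow SHELL_META once the legitimate format of the 'list' value in your deployment is known, so that expected separators do not raise alerts.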
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2023-11-27T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68372bbe182aa0cae252027d
Added to database: 5/28/2025, 3:29:02 PM
Last enriched: 7/7/2025, 8:43:40 AM
Last updated: 8/12/2025, 4:10:00 AM