CVE-2024-28545 is a critical command injection vulnerability identified in the Tenda AC18 router firmware version V15.03.05.05. The vulnerability resides in the deviceName parameter within the formsetUsbUnload function, which processes input without proper sanitization or validation. This allows an unauthenticated remote attacker to inject arbitrary OS commands that the device executes with elevated privileges. The vulnerability is categorized under CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating that the input is directly passed to a system shell or command interpreter. The CVSS 3.1 base score of 9.8 reflects the high severity, with attack vector being network (AV:N), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). The flaw enables attackers to fully compromise the router, potentially gaining control over network traffic, launching further attacks, or causing denial of service. As of the publication date, no patches or official fixes have been released, and no known exploits in the wild have been reported. However, the ease of exploitation and critical impact make this a significant threat to affected users and organizations.

The impact of CVE-2024-28545 is severe for organizations using the Tenda AC18 router, as successful exploitation can lead to complete compromise of the device. Attackers can execute arbitrary commands remotely without authentication, enabling them to manipulate network traffic, intercept sensitive data, deploy malware, or disrupt network availability. This can result in data breaches, loss of network control, and service outages. Given the router’s role as a network gateway, compromised devices can serve as entry points for lateral movement within corporate or home networks. The vulnerability also poses risks to critical infrastructure and enterprises relying on these routers for secure connectivity. The absence of patches increases exposure time, and the high CVSS score underscores the urgency for mitigation to prevent potential widespread exploitation.

To mitigate CVE-2024-28545, organizations should immediately restrict access to the Tenda AC18 router’s management interface by implementing network segmentation and firewall rules that limit access to trusted IP addresses only. Disable remote management features if not required. Monitor network traffic for unusual command execution patterns or unexpected outbound connections originating from the router. Employ intrusion detection systems (IDS) with signatures or heuristics capable of detecting command injection attempts targeting the deviceName parameter or USB-related functions. Until an official patch is released, consider replacing vulnerable devices with alternative hardware or firmware versions not affected by this vulnerability. Regularly check for vendor advisories and apply updates promptly once available. Additionally, educate users about the risks of exposing router management interfaces to the internet and enforce strong network security policies.