CVE-2024-30891 is a command injection vulnerability identified in the Tenda AC18 router firmware version 15.03.05.05. The flaw resides in the /goform/exeCommand endpoint, which processes cmdinput parameters without proper sanitization or validation, allowing attackers to inject arbitrary system commands. This vulnerability corresponds to CWE-77 (Improper Neutralization of Special Elements used in a Command). The CVSS 3.1 base score of 8.8 reflects the vulnerability's high impact and ease of exploitation: it requires no privileges, no user interaction, and can be exploited remotely over the network (Attack Vector: Adjacent Network). Successful exploitation can lead to full compromise of the router, enabling attackers to execute arbitrary commands with the privileges of the router’s operating system. This can result in unauthorized access, data exfiltration, network disruption, or pivoting to internal networks. No patches or official fixes have been published yet, and no known exploits are reported in the wild, but the severity and nature of the flaw make it a critical concern for affected users. The vulnerability's presence in a widely used consumer and small business router model increases the risk of widespread exploitation if left unmitigated.

The impact of CVE-2024-30891 is significant for organizations and individuals using the Tenda AC18 router. Exploitation can lead to complete compromise of the router, allowing attackers to execute arbitrary commands, potentially gaining control over network traffic, intercepting sensitive data, or launching further attacks within the internal network. This can undermine confidentiality, integrity, and availability of network resources. For enterprises relying on these routers for perimeter or internal network connectivity, this vulnerability could serve as an entry point for lateral movement and data breaches. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of exploitation. Additionally, compromised routers can be used as part of botnets or for launching distributed denial-of-service (DDoS) attacks, amplifying the threat to broader internet infrastructure.

Given the absence of an official patch, organizations should implement immediate compensating controls. These include restricting access to the router’s management interface to trusted IP addresses or VLANs, disabling remote management features if not required, and monitoring network traffic for unusual command execution patterns or unexpected outbound connections. Network segmentation should be enforced to isolate vulnerable devices from critical assets. Regularly updating router firmware when a patch becomes available is essential. Additionally, organizations should consider replacing vulnerable devices with models from vendors with stronger security track records if timely patches are not forthcoming. Employing intrusion detection/prevention systems (IDS/IPS) with signatures targeting command injection attempts on router management endpoints can provide additional defense. Finally, educating users about the risks and signs of router compromise can aid early detection and response.