{"uuid": "72b13221-fd4b-4368-8ca4-04d3f28c3755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-14558", "type": "seen", "source": "https://t.me/arpsyndicate/1078", "content": "#ExploitObserverAlert\n\nCVE-2018-14558\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2018-14558. An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the \"formsetUsbUnload\" function executes a dosystemCmd function with untrusted input.\n\nFIRST-EPSS: 0.936190000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-04T01:16:59.000000Z"}