Cisco Talos recently discovered a command injection vulnerability in the Tenda AC9 router. The Tenda AC9 is one of the most popular and affordable dual-band gigabit WiFi Router available online, especially on Amazon. A command injection vulnerability exists in the `/goform/WanParameterSetting` resource. A locally authenticated attacker can execute arbitrary commands to post parameters to execute commands on the router. The attacker can get reverse shell running as root using this command injection.
Hackers Inject Destructive Commands into Amazon’s AI Coding Agent
Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers