Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges.

Related CVEs

CVE-2024-36604

Key Information

GHSA ID

GHSA-5wc3-v5j6-m54x

Published

June 4, 2024 9:32 PM

Last Modified

June 11, 2024 3:31 PM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.