Tenda AC18 Command Injection Vulnerability in Samba Configuration Interface

Vulnerability

A command injection vulnerability affects the Tenda AC18 router running firmware V15.03.05.05_multi. The /goform/SetSambaCfg interface does not properly handle the guestuser parameter: shell metacharacters supplied in that parameter are interpreted as part of a system command, so an authenticated attacker can execute arbitrary commands on the device. Successful exploitation can lead to complete compromise of the affected router.

Impact

Successful exploitation allows authenticated attackers to execute arbitrary system commands on the router, potentially leading to full device compromise.

Reproduction

To reproduce this vulnerability, an authenticated attacker sends a POST request to the /goform/SetSambaCfg endpoint whose guestuser parameter contains shell metacharacters (a command separator followed by a command, for example). The endpoint accepts the value, and the injected command runs when a subsequent request is processed, confirming the command injection. Because the command does not execute synchronously within the injecting request, the absence of an immediate effect after the POST does not indicate that the device is unaffected.
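The following is an added example, not code from the advisory or from Tenda: it shows how a practitioner would screen requests to the affected endpoint for the pattern described above and how a server-side allowlist check on guestuser would reject them. The sample requests are constructed, not captured traffic, and the allowlist of permitted username characters is an assumption (the router's own rules are not documented here).

```python
import re
from urllib.parse import parse_qs

# Endpoint and parameter named in the advisory.
TARGET_PATH = "/goform/SetSambaCfg"
TARGET_PARAM = "guestuser"

# Characters with meaning to a POSIX shell that should never appear in a
# Samba username.
SHELL_METACHARS = set(";|&`$()<>{}\n\r'\"\\")

# Assumed allowlist for a valid guest username; a hardened handler would
# reject anything that does not match before the value is used anywhere.
SAFE_USERNAME = re.compile(r"^[A-Za-z0-9._-]{1,32}$")


def is_safe_guestuser(value: str) -> bool:
    """Allowlist check: True only for plain alphanumeric usernames."""
    return bool(SAFE_USERNAME.match(value))


def find_metachars(value: str) -> list:
    """Return the sorted set of shell metacharacters present in value."""
    return sorted({c for c in value if c in SHELL_METACHARS})


def inspect_request(path: str, body: str) -> dict:
    """Classify one POST by path and form-encoded body.

    Only requests to the SetSambaCfg endpoint are examined. The body is
    URL-decoded, so percent-encoded metacharacters are caught too.
    """
    result = {"path": path, "suspicious": False, "guestuser": None, "metachars": []}
    if path.split("?", 1)[0] != TARGET_PATH:
        return result
    params = parse_qs(body, keep_blank_values=True)
    guest = params.get(TARGET_PARAM, [None])[0]
    result["guestuser"] = guest
    if not guest:
        return result
    result["metachars"] = find_metachars(guest)
    result["suspicious"] = not is_safe_guestuser(guest)
    return result


# Constructed sample requests (path, form body); not real traffic.
SAMPLE_REQUESTS = [
    ("/goform/SetSambaCfg", "guestuser=guest&guestpwd=guest"),      # benign
    ("/goform/SetSambaCfg", "guestuser=guest;reboot&guestpwd=x"),   # separator
    ("/goform/SetSambaCfg", "guestuser=a`id`b"),                    # backticks
    ("/goform/SetSambaCfg", "guestuser=guest%7Cid"),                # encoded pipe
    ("/goform/SetOtherCfg", "guestuser=x;id"),                      # other endpoint
]


def scan(requests=SAMPLE_REQUESTS) -> list:
    """Run inspect_request over a list of (path, body) pairs."""
    return [inspect_request(p, b) for p, b in requests]


if __name__ == "__main__":
    for r in scan():
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} {r['path']} guestuser={r['guestuser']!r} metachars={r['metachars']}")
```

The allowlist approach is the relevant fix pattern here: denylisting individual metacharacters is fragile, while rejecting anything outside a small set of known-good username characters removes the injection surface regardless of how the value is later consumed.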

Added: Apr 27, 2026, 7:22 PM
Updated: Apr 27, 2026, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread          5.7
impact          7.5
exploitability  6.2
remediation     7.7
relevance       6.8
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.