The Tenda AC9 is one of the most popular and affordable dual-band gigabit WiFi Router available online. A command injection vulnerability exists in the `/goform/WanParamSetting` resource. A specially crafted HTTP POST request can cause a command injection, resulting in code execution. The attacker can get reverse shell running as root using this command injection. Tenda failed to patch it per Ciscos 90-day deadline. The following SNORT rules will detect exploitation attempts.”]
Source: https://blog.talosintelligence.com/2019/11/vulnerability-spotlight-tenda-ac9-command-nov-2019.html

