Full title: Tenda HG6 3.3.0 Remote Command Injection Vulnerability Category: web applications Platform: asp Tenda HG6 version 3.3.0 suffers from a remote command injection vulnerability. It can be exploited to inject and execute arbitrary shell commands through the pingAddr and traceAddr HTTP POST parameters in formPing, formPing6, formTracert and formTracert6 interfaces. # 0day.today @ http://0day.today/