CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2025-25675

CVSS 9.8v3.1pub. 2025-02-20upd. 2025-03-17

Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution.

πŸ€– AI Analysis
How it works

The formexeCommand function retrieves the cmdinput parameter from the HTTP POST request and assigns it to the str variable, which is then passed to the cmd_buf variable. The cmd_buf variable is passed directly to the doSystemCmd function without any validation or sanitization of input data. This allows an attacker to inject arbitrary system commands that will be executed with the privileges of the process handling the request.

Impact

An unauthenticated attacker can remotely execute arbitrary commands in the device's operating system over the network, which may result in complete takeover of the router, violation of data confidentiality and integrity, and disruption of its operation.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. Until an update is released, it is recommended to restrict access to the router's administrative interface only to trusted IP addresses and isolate the device using a firewall.

Who is affected

Tenda AC10 V1.0 with firmware version V15.03.06.23

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac10

    HW
    Tenda
    1.0
  • Tenda Ac10 Firmware

    OS
    Tenda
    15.03.06.23
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-14558CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firm...

CVE-2025-67073CRITICAL9.8PL βœ“ten sam produkt

Buffer overflow w Tenda AC10 – RCE i DoS przez pole serviceName

CVE-2025-45779CRITICAL9.8PL βœ“ten sam produkt

Buffer Overflow w Tenda AC10 β€” handler formSetPPTPUserList

CVE-2025-25456CRITICAL9.8PL βœ“ten sam produkt

Buffer overflow w Tenda AC10 – podatnoΕ›Δ‡ w funkcji AdvSetMacMtuWan (mac2)

CVE-2025-25674CRITICAL9.8PL βœ“ten sam produkt

Buffer Overflow w Tenda AC10 – parametr ssid w form_fast_setting_wifi_set

CVE-2025-25675 β€” Tenda β€” Ac10 β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl