CVE-2025-25675

Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/jangfan/my-vuln/blob/main/Tenda/AC10V1/formexeCommand.md	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tenda:ac10_firmware:15.03.06.23:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac10:1.0:*:*:*:*:*:*:*

History

17 Mar 2025, 14:26

Type	Values Removed	Values Added
First Time		Tenda ac10 Tenda Tenda ac10 Firmware
CWE		CWE-77
References	~~() https://github.com/jangfan/my-vuln/blob/main/Tenda/AC10V1/formexeCommand.md -~~	() https://github.com/jangfan/my-vuln/blob/main/Tenda/AC10V1/formexeCommand.md - Broken Link
CPE		cpe:2.3:h:tenda:ac10:1.0:::::::* cpe:2.3:o:tenda:ac10_firmware:15.03.06.23:::::::*

21 Feb 2025, 18:16

Type	Values Removed	Values Added
Summary		(es) Tenda AC10 V1.0 V15.03.06.23 tiene una vulnerabilidad de inyección de comandos ubicada en la función formexeCommand. La variable str recibe el parámetro cmdinput de una solicitud POST y luego se asigna a la variable cmd_buf, que se utiliza directamente en la función doSystemCmd, lo que provoca la ejecución arbitraria de un comando.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		CWE-94

20 Feb 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-20 23:15

Updated : 2025-03-17 14:26

NVD link : CVE-2025-25675

Mitre link : CVE-2025-25675

CVE.ORG link : CVE-2025-25675

JSON object : View

Products Affected

tenda

ac10
ac10_firmware

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-25675", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-02-20T23:15:12.870", "references": [{"url": "https://github.com/jangfan/my-vuln/blob/main/Tenda/AC10V1/formexeCommand.md", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution."}, {"lang": "es", "value": "Tenda AC10 V1.0 V15.03.06.23 tiene una vulnerabilidad de inyecci\u00f3n de comandos ubicada en la funci\u00f3n formexeCommand. La variable str recibe el par\u00e1metro cmdinput de una solicitud POST y luego se asigna a la variable cmd_buf, que se utiliza directamente en la funci\u00f3n doSystemCmd, lo que provoca la ejecuci\u00f3n arbitraria de un comando."}], "lastModified": "2025-03-17T14:26:22.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66ED84F0-B0EB-4F55-9AD6-C8B682BAB472"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac10:1.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AF790B76-6CAD-483A-95FA-80955643825B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}