PT-2025-37470 · Tenda · Tenda Ac9+1

Shiny

Publicado

2025-09-04

Atualizado

2025-09-15

CVE-2025-10442

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tenda AC9 version 15.03.05.14 Tenda AC15 version 15.03.05.14

Description A vulnerability exists due to the manipulation of the cmdinput argument in the formexeCommand function within the /goform/exeCommand file, leading to OS command injection. Remote exploitation is possible. The exploit has been publicly disclosed.

Recommendations For Tenda AC9 version 15.03.05.14, address the vulnerability by patching the formexeCommand function in the /goform/exeCommand file to properly sanitize the cmdinput argument. For Tenda AC15 version 15.03.05.14, address the vulnerability by patching the formexeCommand function in the /goform/exeCommand file to properly sanitize the cmdinput argument.

Exploit

Correção

Command Injection

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-78

Identificadores relacionados

BDU:2025-12452

CVE-2025-10442

Produtos afetados

Tenda Ac15

Tenda Ac9

PT-2025-37470 · Tenda · Tenda Ac9+1

CVE-2025-10442

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14