CVE-2025-7414

CVSS v3.1

8.8

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tenda O3V2 version 1.0.0.12(3880)

Description A critical issue exists in Tenda O3V2 version 1.0.0.12(3880). The

fromNetToolGet

function within the

/goform/setPingInfo

file of the

httpd

component is susceptible to operating system command injection. Manipulation of the

domain

argument allows for remote execution of commands. The exploit has been publicly disclosed and may be actively exploited.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the

/goform/setPingInfo

file. Disable the

fromNetToolGet

function if possible.

Exploit

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

BDU:2025-08758

CVE-2025-7414

Tenda O3V2