PT-2025-29165 · Tenda · Tenda O3V2

Pjq123 · Published 2025-07-04 · Updated 2025-10-10 · CVE-2025-7414

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tenda O3V2 version 1.0.0.12(3880)

Description

A critical issue exists in Tenda O3V2 version 1.0.0.12(3880). The fromNetToolGet function within the /goform/setPingInfo file of the httpd component is susceptible to operating system command injection. Manipulation of the domain argument allows for remote execution of commands. The exploit has been publicly disclosed and may be actively exploited.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /goform/setPingInfo file. Disable the fromNetToolGet function if possible.

Exploit · Fix · OS Command Injection · Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-08758
CVE-2025-7414

Affected Products

Tenda O3V2