CVE-2025-1819

Name of the Vulnerable Software and Affected Versions Tenda AC7 1200M version 15.03.06.44

Description A critical vulnerability was found in the TendaTelnet function of the file /goform/telnet. The manipulation of the lan ip argument leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Tenda AC7 1200M version 15.03.06.44, consider disabling the TendaTelnet function of the file /goform/telnet until a patch is available. Restrict access to the /goform/telnet endpoint to minimize the risk of exploitation. Avoid using the lan ip argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.