CVE-2025-5836

Sažetak

A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Reference

https://candle-throne-f75.notion.site/Tenda-AC9-formSetIptv-209df0aa11858061ae2bcbf83918d034
https://vuldb.com/?ctiid.311579
https://vuldb.com/?id.311579
https://vuldb.com/?submit.591363
https://www.tenda.com.cn/
https://candle-throne-f75.notion.site/Tenda-AC9-formSetIptv-209df0aa11858061ae2bcbf83918d034

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-06-2025 - 19:07

Objavljeno

07-06-2025 - 14:15