Details of VAR-202507-0412

ID

VAR-202507-0412

CVE

CVE-2025-7415

TITLE

Shenzhen Tenda Technology Co.,Ltd. of o3 Injection Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009360

DESCRIPTION

A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of o3 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda O3V2 is an outdoor wireless network bridge from the Chinese company Tenda. The Tenda O3V2 suffers from a command injection vulnerability caused by the failure of the dest parameter in the /goform/getTraceroute file to properly sanitize special characters and commands in constructed commands. Detailed vulnerability details are currently unavailable

Trust: 2.16

sources: NVD: CVE-2025-7415 // JVNDB: JVNDB-2025-009360 // CNVD: CNVD-2025-17010

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17010

AFFECTED PRODUCTS

vendor:	tenda	model:	o3	scope:	eq	version:	1.0.0.12\(3880\)	Trust: 1.0
vendor:	tenda	model:	o3	scope:	eq	version:	o3 firmware 1.0.0.12(3880)	Trust: 0.8
vendor:	tenda	model:	o3	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	o3	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	o3v2	scope:	eq	version:	1.0.0.12(3880)	Trust: 0.6

sources: CNVD: CNVD-2025-17010 // JVNDB: JVNDB-2025-009360 // NVD: CVE-2025-7415

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-7415
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2025-7415
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-009360
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-17010
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-7415
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-009360
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-17010
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-7415
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-7415
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2025-009360
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17010 // JVNDB: JVNDB-2025-009360 // NVD: CVE-2025-7415 // NVD: CVE-2025-7415

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-74	Trust: 1.0
problemtype:	injection (CWE-74) [ others ]	Trust: 0.8
problemtype:	Command injection (CWE-77) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-009360 // NVD: CVE-2025-7415

EXTERNAL IDS

db:	NVD	id:	CVE-2025-7415	Trust: 3.2
db:	VULDB	id:	315875	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-009360	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17010	Trust: 0.6

sources: CNVD: CNVD-2025-17010 // JVNDB: JVNDB-2025-009360 // NVD: CVE-2025-7415

REFERENCES

url:	https://github.com/wudipjq/my_vuln/blob/main/tenda3/vuln_48/48.md	Trust: 1.8
url:	https://github.com/wudipjq/my_vuln/blob/main/tenda3/vuln_48/48.md#poc	Trust: 1.8
url:	https://vuldb.com/?id.315875	Trust: 1.8
url:	https://vuldb.com/?submit.608856	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-7415	Trust: 1.4
url:	https://vuldb.com/?ctiid.315875	Trust: 1.0

sources: CNVD: CNVD-2025-17010 // JVNDB: JVNDB-2025-009360 // NVD: CVE-2025-7415

SOURCES

db:	CNVD	id:	CNVD-2025-17010
db:	JVNDB	id:	JVNDB-2025-009360
db:	NVD	id:	CVE-2025-7415

LAST UPDATE DATE

2025-07-30T22:57:06.753000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17010	date:	2025-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2025-009360	date:	2025-07-18T08:56:00
db:	NVD	id:	CVE-2025-7415	date:	2025-07-16T15:00:33.120

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17010	date:	2025-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2025-009360	date:	2025-07-18T00:00:00
db:	NVD	id:	CVE-2025-7415	date:	2025-07-10T21:15:30.443