Sign-up

ID

VAR-202508-0672


CVE

CVE-2025-8979


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  AC15  Insufficient validation of data authenticity in firmware vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-012176

DESCRIPTION

A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC15 Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-8979 // JVNDB: JVNDB-2025-012176

AFFECTED PRODUCTS

vendor:tendamodel:ac15scope:eqversion:15.13.07.13

Trust: 1.0

vendor:tendamodel:ac15scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac15scope: - version: -

Trust: 0.8

vendor:tendamodel:ac15scope:eqversion:ac15 firmware 15.13.07.13

Trust: 0.8

sources: JVNDB: JVNDB-2025-012176 // NVD: CVE-2025-8979

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-8979
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-012176
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2025-8979
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:H/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-012176
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:H/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-8979
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-012176
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-012176 // NVD: CVE-2025-8979

PROBLEMTYPE DATA

problemtype:CWE-345

Trust: 1.0

problemtype:Inadequate verification of data reliability (CWE-345) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-012176 // NVD: CVE-2025-8979

EXTERNAL IDS

db:NVDid:CVE-2025-8979

Trust: 2.6

db:VULDBid:319975

Trust: 1.8

db:JVNDBid:JVNDB-2025-012176

Trust: 0.8

sources: JVNDB: JVNDB-2025-012176 // NVD: CVE-2025-8979

REFERENCES

url:https://github.com/iotres/iot_firmware_update/blob/main/tenda/ac15_auth.md

Trust: 1.8

url:https://github.com/iotres/iot_firmware_update/blob/main/tenda/ac15_inte.md

Trust: 1.8

url:https://vuldb.com/?id.319975

Trust: 1.8

url:https://vuldb.com/?submit.628602

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?submit.628603

Trust: 1.0

url:https://vuldb.com/?ctiid.319975

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-8979

Trust: 0.8

sources: JVNDB: JVNDB-2025-012176 // NVD: CVE-2025-8979

SOURCES

db:JVNDBid:JVNDB-2025-012176
db:NVDid:CVE-2025-8979

LAST UPDATE DATE

2025-08-24T23:12:07.294000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-012176date:2025-08-22T09:25:00
db:NVDid:CVE-2025-8979date:2025-08-18T15:03:49.693

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-012176date:2025-08-22T00:00:00
db:NVDid:CVE-2025-8979date:2025-08-14T20:15:37.583