Sign-up

ID

VAR-202508-0761


CVE

CVE-2025-8980


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  G1  Insufficient validation of data authenticity in firmware vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-011723

DESCRIPTION

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of G1 Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-8980 // JVNDB: JVNDB-2025-011723

AFFECTED PRODUCTS

vendor:tendamodel:g1scope:eqversion:16.01.7.8\(3660\)

Trust: 1.0

vendor:tendamodel:g1scope:eqversion:g1 firmware 16.01.7.8(3660)

Trust: 0.8

vendor:tendamodel:g1scope: - version: -

Trust: 0.8

vendor:tendamodel:g1scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-011723 // NVD: CVE-2025-8980

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-8980
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-011723
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2025-8980
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:H/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-011723
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:H/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-8980
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-011723
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-011723 // NVD: CVE-2025-8980

PROBLEMTYPE DATA

problemtype:CWE-345

Trust: 1.0

problemtype:Inadequate verification of data reliability (CWE-345) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-011723 // NVD: CVE-2025-8980

EXTERNAL IDS

db:NVDid:CVE-2025-8980

Trust: 2.6

db:VULDBid:319976

Trust: 1.8

db:JVNDBid:JVNDB-2025-011723

Trust: 0.8

sources: JVNDB: JVNDB-2025-011723 // NVD: CVE-2025-8980

REFERENCES

url:https://github.com/iotres/iot_firmware_update/blob/main/tenda/g1_auth.md

Trust: 1.8

url:https://github.com/iotres/iot_firmware_update/blob/main/tenda/g1_inte.md

Trust: 1.8

url:https://vuldb.com/?id.319976

Trust: 1.8

url:https://vuldb.com/?submit.628605

Trust: 1.8

url:https://vuldb.com/?submit.628606

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?ctiid.319976

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-8980

Trust: 0.8

sources: JVNDB: JVNDB-2025-011723 // NVD: CVE-2025-8980

SOURCES

db:JVNDBid:JVNDB-2025-011723
db:NVDid:CVE-2025-8980

LAST UPDATE DATE

2025-08-23T23:24:15.082000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-011723date:2025-08-19T07:09:00
db:NVDid:CVE-2025-8980date:2025-08-18T15:04:02.790

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-011723date:2025-08-19T00:00:00
db:NVDid:CVE-2025-8980date:2025-08-14T20:15:38.397