ID

VAR-202509-0089


CVE

CVE-2025-9828


TITLE

Tenda CP6 encryption vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-21171

DESCRIPTION

A vulnerability was identified in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Manipulation leads to the use of a risky cryptographic algorithm. The attack may be launched remotely. It is characterized by high complexity, and exploitability is described as difficult. The exploit has been publicly disclosed and may be used. The Tenda CP6 is a smart camera from the Chinese company Tenda. This vulnerability stems from the use of a compromised encryption algorithm in the function sub_2B7D04 in the uhttp component. An attacker could exploit this vulnerability to compromise the device's integrity.

Trust: 1.44

sources: NVD: CVE-2025-9828 // CNVD: CNVD-2025-21171

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-21171

AFFECTED PRODUCTS

vendor: tenda, model: cp6, scope: eq, version: 11.10.00.243

Trust: 0.6

sources: CNVD: CNVD-2025-21171

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-9828
value: LOW

Trust: 1.0

CNVD: CNVD-2025-21171
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-9828
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-21171
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-9828
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-21171 // NVD: CVE-2025-9828

PROBLEMTYPE DATA

problemtype: CWE-310

Trust: 1.0

problemtype: CWE-327

Trust: 1.0

sources: NVD: CVE-2025-9828

EXTERNAL IDS

db: NVD, id: CVE-2025-9828

Trust: 1.6

db: VULDB, id: 322175

Trust: 1.0

db: CNVD, id: CNVD-2025-21171

Trust: 0.6

sources: CNVD: CNVD-2025-21171 // NVD: CVE-2025-9828

REFERENCES

url:https://github.com/iotres/iot_firmware_update/blob/main/tenda/cp6.md

Trust: 1.0

url:https://vuldb.com/?ctiid.322175

Trust: 1.0

url:https://vuldb.com/?submit.641566

Trust: 1.0

url:https://www.tenda.com.cn/

Trust: 1.0

url:https://vuldb.com/?id.322175

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-9828

Trust: 0.6

sources: CNVD: CNVD-2025-21171 // NVD: CVE-2025-9828

SOURCES

db: CNVD, id: CNVD-2025-21171
db: NVD, id: CVE-2025-9828

LAST UPDATE DATE

2025-09-13T23:32:08.277000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-21171, date: 2025-09-12T00:00:00
db: NVD, id: CVE-2025-9828, date: 2025-09-04T15:36:56.447

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-21171, date: 2025-09-12T00:00:00
db: NVD, id: CVE-2025-9828, date: 2025-09-02T17:15:36.740