ID

VAR-202509-1490


CVE

CVE-2025-10442


TITLE

Command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC9 and AC15 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-014433

DESCRIPTION

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. Manipulation of the argument cmdinput causes OS command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The Shenzhen Tenda Technology Co.,Ltd. AC9 and AC15 firmware contains a command injection vulnerability and an OS command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2025-10442 // JVNDB: JVNDB-2025-014433

AFFECTED PRODUCTS

vendor: tenda, model: ac9, scope: eq, version: 15.03.05.14

Trust: 1.0

vendor: tenda, model: ac15, scope: eq, version: 15.03.05.14

Trust: 1.0

vendor: tenda, model: ac15, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac9, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-014433 // NVD: CVE-2025-10442

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-10442
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-10442
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-014433
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2025-10442
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-014433
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-10442
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-10442
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-014433
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-014433 // NVD: CVE-2025-10442 // NVD: CVE-2025-10442

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-014433 // NVD: CVE-2025-10442

EXTERNAL IDS

db: NVD, id: CVE-2025-10442

Trust: 2.6

db: VULDB, id: 323876

Trust: 1.8

db: JVNDB, id: JVNDB-2025-014433

Trust: 0.8

sources: JVNDB: JVNDB-2025-014433 // NVD: CVE-2025-10442

REFERENCES

url:https://github.com/2664521593/mycve/blob/main/tenda/tenda_ac9_cj.md

Trust: 1.8

url:https://github.com/2664521593/mycve/blob/main/tenda/tenda_ac9_cj.md#poc

Trust: 1.8

url:https://vuldb.com/?id.323876

Trust: 1.8

url:https://vuldb.com/?submit.647838

Trust: 1.8

url:https://vuldb.com/?submit.647839

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?ctiid.323876

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-10442

Trust: 0.8

sources: JVNDB: JVNDB-2025-014433 // NVD: CVE-2025-10442

SOURCES

db: JVNDB, id: JVNDB-2025-014433
db: NVD, id: CVE-2025-10442

LAST UPDATE DATE

2025-09-26T23:41:52.051000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-014433, date: 2025-09-25T01:26:00
db: NVD, id: CVE-2025-10442, date: 2025-09-19T20:39:12.093

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-014433, date: 2025-09-25T00:00:00
db: NVD, id: CVE-2025-10442, date: 2025-09-15T11:15:33.970