Details of VAR-202509-3067

ID

VAR-202509-3067

CVE

CVE-2025-57296

TITLE

Tenda AC6 formSetIptv function command injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-24487

DESCRIPTION

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into nvram set system commands using doSystemCmd, without validating or sanitizing special characters (e.g., ;, ", #). An unauthenticated or authenticated attacker can exploit this by submitting a crafted POST request, leading to arbitrary system command execution on the affected device. The Tenda AC6 is a dual-band wireless router from Tenda, supporting both 2.4GHz and 5GHz bands and achieving a maximum transfer rate of 1167Mbps. Detailed vulnerability details are currently unavailable

Trust: 1.44

sources: NVD: CVE-2025-57296 // CNVD: CNVD-2025-24487

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-24487

AFFECTED PRODUCTS

vendor:

tenda

model:

ac6

scope:

version:

15.03.05.19

Trust: 1.6

sources: CNVD: CNVD-2025-24487 // NVD: CVE-2025-57296

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-57296
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-24487
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-24487
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-57296
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-24487 // NVD: CVE-2025-57296

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.0

sources: NVD: CVE-2025-57296

EXTERNAL IDS

db:	NVD	id:	CVE-2025-57296	Trust: 1.6
db:	CNVD	id:	CNVD-2025-24487	Trust: 0.6

sources: CNVD: CNVD-2025-24487 // NVD: CVE-2025-57296

REFERENCES

url:	https://github.com/zz2266/.github.io/blob/main/tenda/readme.md	Trust: 1.6
url:	https://github.com/zz2266/.github.io/tree/main/tenda	Trust: 1.0
url:	https://tenda.com.cn/material/show/2681	Trust: 1.0

sources: CNVD: CNVD-2025-24487 // NVD: CVE-2025-57296

SOURCES

db:	CNVD	id:	CNVD-2025-24487
db:	NVD	id:	CVE-2025-57296

LAST UPDATE DATE

2025-11-19T23:30:51.518000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-24487	date:	2025-10-22T00:00:00
db:	NVD	id:	CVE-2025-57296	date:	2025-09-25T19:34:34.617

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-24487	date:	2025-10-22T00:00:00
db:	NVD	id:	CVE-2025-57296	date:	2025-09-19T16:15:46.107