Sign-up

ID

VAR-202512-2468


CVE

CVE-2025-15076


DESCRIPTION

A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

Trust: 1.0

sources: NVD: CVE-2025-15076

AFFECTED PRODUCTS

vendor:tendamodel:ch22scope:eqversion:1.0.0.1

Trust: 1.0

sources: NVD: CVE-2025-15076

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-15076
value: MEDIUM

Trust: 1.0

cna@vuldb.com: CVE-2025-15076
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

cna@vuldb.com: CVE-2025-15076
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-15076

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

sources: NVD: CVE-2025-15076

EXTERNAL IDS

db:VULDBid:338333

Trust: 1.0

db:NVDid:CVE-2025-15076

Trust: 1.0

sources: NVD: CVE-2025-15076

REFERENCES

url:https://vuldb.com/?submit.721411

Trust: 1.0

url:https://github.com/master-abc/cve/blob/main/tenda%20ch22%20v1.0.0.1%20router%20authentication%20bypass%20vulnerability%20in%20r7webssecurityhandler%20function.md

Trust: 1.0

url:https://www.tenda.com.cn/

Trust: 1.0

url:https://vuldb.com/?ctiid.338333

Trust: 1.0

url:https://vuldb.com/?id.338333

Trust: 1.0

sources: NVD: CVE-2025-15076

SOURCES

db:NVDid:CVE-2025-15076

LAST UPDATE DATE

2026-01-15T23:35:23.734000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-15076date:2025-12-30T19:17:13.593

SOURCES RELEASE DATE

db:NVDid:CVE-2025-15076date:2025-12-25T04:15:43.287