VYPR
Unrated severityNVD Advisory· Published Feb 20, 2025· Updated Feb 21, 2025

CVE-2025-25675

CVE-2025-25675

Description

Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Tenda/AC10cpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: V1.0 firmware V15.03.06.23

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.