6.8

CVE-2025-8979

Exploit

Tenda AC15 Firmware Update check_fw data authenticity

A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TendaAc15 Firmware Version15.13.07.13
   TendaAc15 Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.303
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@vuldb.com 6.6 0.7 5.9
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com 6.6 0 0
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 6.8 3.2 10
AV:N/AC:H/Au:M/C:C/I:C/A:C
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://www.tenda.com.cn/
Product
https://vuldb.com/?id.319975
Third Party Advisory
VDB Entry
https://vuldb.com/?ctiid.319975
Permissions Required
https://vuldb.com/?submit.628602
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.628603
Not Applicable
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AC15_Auth.md
Third Party Advisory
Exploit
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AC15_Inte.md
Third Party Advisory
Exploit