Details of VAR-202503-0669

ID

VAR-202503-0669

CVE

CVE-2025-25632

TITLE

Tenda AC15 command injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-05229

DESCRIPTION

Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Tenda AC15 is a wireless router from China's Tenda company. The vulnerability is caused by the application's failure to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to cause arbitrary command execution

Trust: 1.44

sources: NVD: CVE-2025-25632 // CNVD: CNVD-2025-05229

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-05229

AFFECTED PRODUCTS

vendor:

tenda

model:

ac15

scope:

version:

15.03.05.19

Trust: 0.6

sources: CNVD: CNVD-2025-05229

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-25632
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2025-05229
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-05229
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-25632
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-05229 // NVD: CVE-2025-25632

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.0

sources: NVD: CVE-2025-25632

EXTERNAL IDS

db:	NVD	id:	CVE-2025-25632	Trust: 1.6
db:	CNVD	id:	CNVD-2025-05229	Trust: 0.6

sources: CNVD: CNVD-2025-05229 // NVD: CVE-2025-25632

REFERENCES

url:	https://github.com/pr0b1em/iot/blob/master/tendaac15v15.03.05.19telnet.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-25632	Trust: 0.6

sources: CNVD: CNVD-2025-05229 // NVD: CVE-2025-25632

SOURCES

db:	CNVD	id:	CNVD-2025-05229
db:	NVD	id:	CVE-2025-25632

LAST UPDATE DATE

2025-03-21T23:37:14.193000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-05229	date:	2025-03-18T00:00:00
db:	NVD	id:	CVE-2025-25632	date:	2025-03-06T15:15:17.770

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-05229	date:	2025-03-14T00:00:00
db:	NVD	id:	CVE-2025-25632	date:	2025-03-05T21:15:19.890