CVE-2025-15048

Опубликовано: 23 дек. 2025

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Ссылки

https://github.com/z472421519/BinaryAudit/blob/main/PoC/CMD/Tenda_WH450/CheckTools/CheckTools.md
Exploit
Third Party Advisory
https://github.com/z472421519/BinaryAudit/blob/main/PoC/CMD/Tenda_WH450/CheckTools/CheckTools.md#reproduce
Exploit
https://vuldb.com/?ctiid.337853
Permissions Required
VDB Entry
https://vuldb.com/?id.337853
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.720885
Third Party Advisory
VDB Entry
https://www.tenda.com.cn/
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenda:wh450_firmware:1.0.0.18:*:*:*:*:*:*:*

cpe:2.3:h:tenda:wh450:-:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.0086

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-g29r-xm3q-hxxv

CVSS3: 7.3

github

около 2 месяцев назад

EPSS

Процентиль: 75%

0.0086

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74