CVE-2025-5606

Опубликовано: 04 июн. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 9.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://lavender-bicycle-a5a.notion.site/Tenda-AC18-formSetIptv-20653a41781f8077b67af003423cf1da?source=copy_link
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.311092
Permissions Required
https://vuldb.com/?id.311092
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.588933
Third Party Advisory
VDB Entry
https://www.tenda.com.cn/
Product
https://lavender-bicycle-a5a.notion.site/Tenda-AC18-formSetIptv-20653a41781f8077b67af003423cf1da
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00998

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

CWE-77

Связанные уязвимости

GHSA-mfw6-88f6-x9r5

CVSS3: 6.3

github

14 дней назад

EPSS

Процентиль: 76%

0.00998

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

CWE-77