CVE-2025-5900

Опубликовано: 09 июн. 2025

Источник: nvd

CVSS3: 4.3

CVSS3: 7.1

CVSS2: 5

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://candle-throne-f75.notion.site/Tenda-AC9-fromSysToolReboot-20adf0aa1185806a9d20ee5c355c08a6?pvs=73
Exploit
Third Party Advisory
https://candle-throne-f75.notion.site/Tenda-AC9-fromSysToolRestoreSet-20adf0aa11858094a25ae21f9b4203da
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.311673
Permissions Required
VDB Entry
https://vuldb.com/?id.311673
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.592198
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.592199
Third Party Advisory
VDB Entry
https://www.tenda.com.cn/
Product
https://candle-throne-f75.notion.site/Tenda-AC9-fromSysToolRestoreSet-20adf0aa11858094a25ae21f9b4203da
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenda:ac9_firmware:15.03.2.13:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00023

Низкий

4.3 Medium

CVSS3

7.1 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-8cxq-rp45-79vm

CVSS3: 4.3

github

9 дней назад

BDU:2025-06717

CVSS3: 4.3

fstec

13 дней назад

Уязвимость функции fromSysToolRestoreSet() микропрограммного обеспечения маршрутизаторов Tenda AC9, позволяющая нарушителю осуществить CSRF-атаку

EPSS

Процентиль: 5%

0.00023

Низкий

4.3 Medium

CVSS3

7.1 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-352