CVE-2025-10443

A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulDBCNA
8.8 HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
tendaac9_firmware
15.03.05.14
tendaac15_firmware
15.03.05.18
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/2664521593/mycve/blob/main/Tenda/Tenda_AC15_AC9_Bof.md
https://github.com/2664521593/mycve/blob/main/Tenda/Tenda_AC15_AC9_Bof.md#poc
https://vuldb.com/?ctiid.323877
https://vuldb.com/?id.323877
https://vuldb.com/?submit.647840
https://www.tenda.com.cn/