CVE-2025-5900

A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
VulDBCNA
4.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
tendaac9_firmware
15.03.2.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://candle-throne-f75.notion.site/Tenda-AC9-fromSysToolReboot-20adf0aa1185806a9d20ee5c355c08a6?pvs=73
https://candle-throne-f75.notion.site/Tenda-AC9-fromSysToolRestoreSet-20adf0aa11858094a25ae21f9b4203da
https://vuldb.com/?ctiid.311673
https://vuldb.com/?id.311673
https://vuldb.com/?submit.592198
https://vuldb.com/?submit.592199
https://www.tenda.com.cn/
https://candle-throne-f75.notion.site/Tenda-AC9-fromSysToolRestoreSet-20adf0aa11858094a25ae21f9b4203da