CVE-2025-9828

A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
VulDBCNA
3.7 LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
tendacp6_firmware
11.10.00.243
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/CP6.md
https://vuldb.com/?ctiid.322175
https://vuldb.com/?id.322175
https://vuldb.com/?submit.641566
https://www.tenda.com.cn/