CVE-2025-10442 — MEDIUM (6.3)

Vulnerability Description

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Tenda	Ac9 Firmware	15.03.05.14
Tenda	Ac9	1.0
Tenda	Ac15 Firmware	15.03.05.14
Tenda	Ac15	-

Related Weaknesses (CWE)

CWE-78 CWE-77

References

https://github.com/2664521593/mycve/blob/main/Tenda/Tenda_AC9_CJ.mdExploitThird Party Advisory
https://github.com/2664521593/mycve/blob/main/Tenda/Tenda_AC9_CJ.md#pocExploitThird Party Advisory
https://vuldb.com/?ctiid.323876Permissions Required
https://vuldb.com/?id.323876Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.647838Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.647839Third Party AdvisoryVDB Entry
https://www.tenda.com.cn/Product

FAQ

What is CVE-2025-10442?

CVE-2025-10442 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command ...

How severe is CVE-2025-10442?

CVE-2025-10442 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-10442?

Check the references section above for vendor advisories and patch information. Affected products include: Tenda Ac9 Firmware, Tenda Ac9, Tenda Ac15 Firmware, Tenda Ac15.