← Volver a CVEs

CVE-2025-11523

MEDIUM

6.3

Descripcion

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

Detalles CVE

Puntuacion CVSS v3.16.3

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado10/9/2025

Ultima modificacion10/9/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

tenda:ac7tenda:ac7_firmware

Debilidades (CWE)

CWE-74CWE-77CWE-77

Referencias

https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC7/AdvSetLanip.md(cna@vuldb.com)

https://vuldb.com/?ctiid.327661(cna@vuldb.com)

https://vuldb.com/?id.327661(cna@vuldb.com)

https://vuldb.com/?submit.669849(cna@vuldb.com)

https://www.tenda.com.cn/(cna@vuldb.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.