{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0528", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-01-17T06:28:25.730Z", "datePublished": "2025-01-17T14:31:07.148Z", "dateUpdated": "2025-01-17T14:48:09.167Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-01-17T14:31:07.148Z"}, "title": "Tenda AC8/AC10/AC18 HTTP Request telnet command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "Tenda", "product": "AC8", "versions": [{"version": "16.03.10.20", "status": "affected"}], "modules": ["HTTP Request Handler"]}, {"vendor": "Tenda", "product": "AC10", "versions": [{"version": "16.03.10.20", "status": "affected"}], "modules": ["HTTP Request Handler"]}, {"vendor": "Tenda", "product": "AC18", "versions": [{"version": "16.03.10.20", "status": "affected"}], "modules": ["HTTP Request Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in Tenda AC8, AC10 and AC18 16.03.10.20 entdeckt. Dies betrifft einen unbekannten Teil der Datei /goform/telnet der Komponente HTTP Request Handler. Durch Beeinflussen mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 8.3, "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C"}}], "timeline": [{"time": "2025-01-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-01-17T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-01-17T07:54:02.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Pr0b1em (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.292412", "name": "VDB-292412 | Tenda AC8/AC10/AC18 HTTP Request telnet command injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.292412", "name": "VDB-292412 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.478175", "name": "Submit #478175 | Tenda AC10v4.0 v16.03.10.20 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC10v16.03.10.20telnet.md", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"references": [{"url": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC10v16.03.10.20telnet.md", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-17T14:48:04.184225Z", "id": "CVE-2025-0528", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-17T14:48:09.167Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0528", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-17T14:48:04.184225Z"}}}], "references": [{"url": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC10v16.03.10.20telnet.md", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-17T14:47:54.200Z"}}], "cna": {"title": "Tenda AC8/AC10/AC18 HTTP Request telnet command injection", "credits": [{"lang": "en", "type": "reporter", "value": "Pr0b1em (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 8.3, "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C"}}], "affected": [{"vendor": "Tenda", "modules": ["HTTP Request Handler"], "product": "AC8", "versions": [{"status": "affected", "version": "16.03.10.20"}]}, {"vendor": "Tenda", "modules": ["HTTP Request Handler"], "product": "AC10", "versions": [{"status": "affected", "version": "16.03.10.20"}]}, {"vendor": "Tenda", "modules": ["HTTP Request Handler"], "product": "AC18", "versions": [{"status": "affected", "version": "16.03.10.20"}]}], "timeline": [{"lang": "en", "time": "2025-01-17T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-01-17T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-01-17T07:54:02.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.292412", "name": "VDB-292412 | Tenda AC8/AC10/AC18 HTTP Request telnet command injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.292412", "name": "VDB-292412 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.478175", "name": "Submit #478175 | Tenda AC10v4.0 v16.03.10.20 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC10v16.03.10.20telnet.md", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in Tenda AC8, AC10 and AC18 16.03.10.20 entdeckt. Dies betrifft einen unbekannten Teil der Datei /goform/telnet der Komponente HTTP Request Handler. Durch Beeinflussen mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-01-17T14:31:07.148Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0528", "state": "PUBLISHED", "dateUpdated": "2025-01-17T14:48:09.167Z", "dateReserved": "2025-01-17T06:28:25.730Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-01-17T14:31:07.148Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}], "id": "CVE-2025-0528", "lastModified": "2025-01-17T15:15:12.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-01-17T15:15:12.430", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC10v16.03.10.20telnet.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.292412"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.292412"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.478175"}, {"source": "cna@vuldb.com", "url": "https://www.tenda.com.cn/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/Pr0b1em/IoT/blob/master/TendaAC10v16.03.10.20telnet.md"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}