216.73.216.86

CVE-2025-10443

· Published 15/09/2025 12:15 · Modified 15/09/2025 15:21

Labels: CVE-2025-10443 2025-09-15CVE-2025-10443CWE-119[email protected]

Essential information

Published
15/09/2025 12:15
Modified
15/09/2025 15:21
Author
Creator
CVSS
7.4 HIGH (v3) 7.4 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

NVD status

Status
Undergoing Analysis — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
tenda / ac9 cpe:2.3:a:tenda:ac9:15.03.05.14:*:*:*:*:*:*:*
tenda / ac9 cpe:2.3:a:tenda:ac9:15.03.05.18:*:*:*:*:*:*:*
tenda / ac15 cpe:2.3:a:tenda:ac15:15.03.05.14:*:*:*:*:*:*:*
tenda / ac15 cpe:2.3:a:tenda:ac15:15.03.05.18:*:*:*:*:*:*:*

References