Skip to main content

CVE-2025-44867: n/a in n/a

Medium
VulnerabilityCVE-2025-44867cvecve-2025-44867
Published: Thu May 01 2025 (05/01/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

AI-Powered Analysis

AILast updated: 06/25/2025, 23:31:21 UTC

Technical Analysis

CVE-2025-44867 is a command injection vulnerability identified in the Tenda W20E router firmware version V15.11.0.6. The vulnerability exists in the formSetNetCheckTools function, specifically via the hostName parameter. An attacker can exploit this flaw by sending a crafted request that injects arbitrary commands, which the device executes with the privileges of the affected process. This vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating that user-supplied input is not properly sanitized before being passed to a system command. The CVSS v3.1 base score is 6.3, reflecting a medium severity level. The vector string (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) indicates that the attack can be performed remotely over the network with low attack complexity, requires low privileges (authenticated user), and no user interaction. The impact affects confidentiality, integrity, and availability to a limited extent, as the attacker can execute commands but with limited privileges. No public exploits have been reported in the wild to date, and no patches or vendor advisories are currently available. The vulnerability was published on May 1, 2025, with the reservation date on April 22, 2025. The affected product is a consumer-grade wireless router, commonly used in home and small office environments, which may also be deployed in some small business contexts.

Potential Impact

For European organizations, especially small and medium enterprises (SMEs) and home office users relying on Tenda W20E routers, this vulnerability poses a moderate risk. Successful exploitation could allow attackers to execute arbitrary commands on the router, potentially leading to unauthorized network access, interception or manipulation of traffic, and disruption of network availability. Although the attack requires low privileges (authenticated user), in many home or small office setups, default or weak credentials may facilitate unauthorized access. The compromise of network infrastructure devices like routers can serve as a foothold for lateral movement or persistent access within organizational networks. Given the medium CVSS score, the impact on confidentiality, integrity, and availability is limited but non-negligible. Larger enterprises are less likely to be affected due to the typical use of enterprise-grade network equipment. However, organizations with remote or distributed workforces using these devices at endpoints could face increased exposure. The lack of patches increases the window of exposure, and the absence of known exploits suggests limited current active exploitation, but this could change rapidly once exploit code becomes available.

Mitigation Recommendations

1. Immediate mitigation should focus on restricting access to the router's management interface to trusted users only, ideally limiting it to local network access and disabling remote management if enabled. 2. Enforce strong, unique administrative credentials to prevent unauthorized authentication, as exploitation requires low privileges but authenticated access. 3. Monitor network traffic for unusual patterns or unexpected command execution attempts targeting the hostName parameter in router requests. 4. Segment network infrastructure devices from critical business systems to limit potential lateral movement in case of compromise. 5. Regularly check for firmware updates or vendor advisories from Tenda, and apply patches promptly once available. 6. Consider replacing vulnerable devices with more secure alternatives if patching is not forthcoming. 7. Implement network-level protections such as intrusion detection/prevention systems (IDS/IPS) that can detect command injection attempts or anomalous requests to router management interfaces. 8. Educate users about the risks of weak credentials and the importance of securing home or small office network devices, especially in hybrid work environments.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2025-04-22T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d9838c4522896dcbec333

Added to database: 5/21/2025, 9:09:12 AM

Last enriched: 6/25/2025, 11:31:21 PM

Last updated: 7/26/2025, 2:17:36 PM

Views: 8

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats