Skip to main content

CVE-2025-44872: n/a in n/a

Critical
VulnerabilityCVE-2025-44872cvecve-2025-44872
Published: Fri May 02 2025 (05/02/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

AI-Powered Analysis

AILast updated: 07/03/2025, 08:40:59 UTC

Technical Analysis

The CVE-2025-44872 vulnerability affects the Tenda AC9 router firmware version V15.03.06.42_multi. It is a critical command injection vulnerability located in the formsetUsbUnload function, specifically exploitable via the deviceName parameter. Command injection vulnerabilities occur when untrusted input is passed to a system shell or command interpreter without proper sanitization, allowing an attacker to execute arbitrary commands on the affected device. In this case, an attacker can craft a malicious request that manipulates the deviceName parameter to inject and execute arbitrary system commands remotely. The vulnerability has a CVSS 3.1 base score of 9.8, indicating critical severity with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction needed (UI:N), and impacts confidentiality, integrity, and availability (C:H/I:H/A:H). This means the vulnerability can be exploited remotely by unauthenticated attackers without any user interaction, leading to full compromise of the device. The affected product is the Tenda AC9 router, a consumer-grade networking device commonly used for home and small office internet connectivity. The vulnerability is categorized under CWE-77 (Improper Neutralization of Special Elements used in a Command), which is a classic command injection weakness. No patches or fixes are currently linked, and there are no known exploits in the wild at the time of publication. However, given the critical nature and ease of exploitation, this vulnerability poses a significant risk to any network using the affected firmware version. Attackers could leverage this flaw to gain persistent control over the router, intercept or manipulate network traffic, launch further attacks on internal networks, or disrupt internet connectivity by disabling the device or its services.

Potential Impact

For European organizations, this vulnerability presents a severe risk, especially for small businesses and home offices relying on Tenda AC9 routers for internet access. Successful exploitation could lead to full compromise of the router, allowing attackers to intercept sensitive data, manipulate network traffic, or pivot into internal networks. This could result in data breaches, espionage, disruption of business operations, and loss of availability of critical internet services. Since the vulnerability requires no authentication and no user interaction, it can be exploited remotely over the internet, increasing the attack surface. Organizations with remote or hybrid workforces using vulnerable routers at home are also at risk, potentially exposing corporate networks through compromised endpoints. The lack of available patches increases the urgency for mitigation. Additionally, the criticality of the vulnerability means it could be weaponized in automated attacks or botnets targeting vulnerable devices across Europe, amplifying the impact. The confidentiality, integrity, and availability of network communications and connected systems are all at high risk.

Mitigation Recommendations

1. Immediate mitigation should include isolating affected Tenda AC9 routers from untrusted networks, especially the internet, until a vendor patch is available. 2. Network administrators should implement strict firewall rules to restrict inbound access to router management interfaces and USB-related services. 3. Disable USB functionality on the router if not required, to reduce the attack surface related to the vulnerable formsetUsbUnload function. 4. Monitor network traffic for unusual or suspicious requests targeting the deviceName parameter or USB-related endpoints. 5. Employ network segmentation to limit the impact of a compromised router on critical internal systems. 6. Use intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect exploitation attempts. 7. Regularly check for firmware updates from Tenda and apply patches as soon as they become available. 8. Educate users and administrators about the risks of using outdated firmware and encourage timely updates. 9. Consider replacing vulnerable devices with routers from vendors with a strong security track record if patches are delayed. 10. For organizations with remote workers, provide secure VPN access and endpoint security to mitigate risks from compromised home routers.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2025-04-22T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981cc4522896dcbda576

Added to database: 5/21/2025, 9:08:44 AM

Last enriched: 7/3/2025, 8:40:59 AM

Last updated: 7/29/2025, 6:07:05 AM

Views: 9

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats