CVE-2025-5900: Cross-Site Request Forgery in Tenda AC9
A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-5900 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the Tenda AC9 router firmware version 15.03.02.13. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged HTTP request to a vulnerable web application or device, causing the device to perform unwanted actions on behalf of the user without their consent. In this case, the vulnerability affects an unspecified component of the Tenda AC9 router, enabling remote attackers to initiate CSRF attacks without requiring authentication or prior privileges. The vulnerability is classified as 'problematic' with a CVSS 4.0 base score of 5.3 (medium severity), indicating moderate impact. The attack vector is network-based (remote), with low attack complexity and no privileges or user interaction required beyond the victim visiting a malicious webpage or clicking a crafted link. The impact primarily affects the integrity of the device's configuration, potentially allowing attackers to alter router settings, redirect traffic, or disrupt network operations. Confidentiality and availability impacts are limited or low. The vulnerability has been publicly disclosed, but no known exploits in the wild have been reported to date. No official patches or mitigation links have been provided yet, which increases the risk for affected users until updates are released. Given the widespread use of Tenda AC9 routers in home and small office environments, this vulnerability could be leveraged in targeted attacks or broader campaigns to compromise network security and privacy.
Potential Impact
For European organizations, especially small and medium enterprises (SMEs) and home office users relying on Tenda AC9 routers, this vulnerability poses a moderate risk. Successful exploitation could allow attackers to manipulate router configurations remotely, potentially redirecting traffic to malicious sites, intercepting sensitive data, or disrupting network connectivity. This can lead to data leakage, man-in-the-middle attacks, or denial of service conditions impacting business operations. Since the vulnerability does not require authentication or user interaction beyond visiting a malicious webpage, it lowers the barrier for exploitation. European organizations with remote or hybrid work setups using vulnerable Tenda AC9 devices may face increased exposure. Additionally, critical infrastructure or organizations with less mature network security practices could be targeted for espionage or sabotage. However, the absence of known exploits in the wild and the medium severity rating suggest the threat is currently moderate but warrants proactive mitigation to prevent escalation.
Mitigation Recommendations
1. Immediate mitigation should focus on network segmentation and restricting access to the router's web management interface from untrusted networks, including disabling remote management if enabled. 2. Users should avoid visiting untrusted websites or clicking suspicious links while connected to networks using vulnerable Tenda AC9 routers. 3. Monitor network traffic for unusual configuration changes or DNS redirection that could indicate exploitation attempts. 4. Implement Content Security Policy (CSP) and SameSite cookie attributes on internal web interfaces where possible to reduce CSRF risks. 5. Regularly check for firmware updates from Tenda and apply patches as soon as they become available. 6. Consider replacing vulnerable devices with models that have robust security controls if patches are delayed. 7. Educate users about the risks of CSRF and safe browsing practices to reduce the likelihood of successful attacks. 8. Employ network intrusion detection systems (NIDS) to detect anomalous traffic patterns associated with CSRF exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
CVE-2025-5900: Cross-Site Request Forgery in Tenda AC9
Description
A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
AI-Powered Analysis
Technical Analysis
CVE-2025-5900 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the Tenda AC9 router firmware version 15.03.02.13. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged HTTP request to a vulnerable web application or device, causing the device to perform unwanted actions on behalf of the user without their consent. In this case, the vulnerability affects an unspecified component of the Tenda AC9 router, enabling remote attackers to initiate CSRF attacks without requiring authentication or prior privileges. The vulnerability is classified as 'problematic' with a CVSS 4.0 base score of 5.3 (medium severity), indicating moderate impact. The attack vector is network-based (remote), with low attack complexity and no privileges or user interaction required beyond the victim visiting a malicious webpage or clicking a crafted link. The impact primarily affects the integrity of the device's configuration, potentially allowing attackers to alter router settings, redirect traffic, or disrupt network operations. Confidentiality and availability impacts are limited or low. The vulnerability has been publicly disclosed, but no known exploits in the wild have been reported to date. No official patches or mitigation links have been provided yet, which increases the risk for affected users until updates are released. Given the widespread use of Tenda AC9 routers in home and small office environments, this vulnerability could be leveraged in targeted attacks or broader campaigns to compromise network security and privacy.
Potential Impact
For European organizations, especially small and medium enterprises (SMEs) and home office users relying on Tenda AC9 routers, this vulnerability poses a moderate risk. Successful exploitation could allow attackers to manipulate router configurations remotely, potentially redirecting traffic to malicious sites, intercepting sensitive data, or disrupting network connectivity. This can lead to data leakage, man-in-the-middle attacks, or denial of service conditions impacting business operations. Since the vulnerability does not require authentication or user interaction beyond visiting a malicious webpage, it lowers the barrier for exploitation. European organizations with remote or hybrid work setups using vulnerable Tenda AC9 devices may face increased exposure. Additionally, critical infrastructure or organizations with less mature network security practices could be targeted for espionage or sabotage. However, the absence of known exploits in the wild and the medium severity rating suggest the threat is currently moderate but warrants proactive mitigation to prevent escalation.
Mitigation Recommendations
1. Immediate mitigation should focus on network segmentation and restricting access to the router's web management interface from untrusted networks, including disabling remote management if enabled. 2. Users should avoid visiting untrusted websites or clicking suspicious links while connected to networks using vulnerable Tenda AC9 routers. 3. Monitor network traffic for unusual configuration changes or DNS redirection that could indicate exploitation attempts. 4. Implement Content Security Policy (CSP) and SameSite cookie attributes on internal web interfaces where possible to reduce CSRF risks. 5. Regularly check for firmware updates from Tenda and apply patches as soon as they become available. 6. Consider replacing vulnerable devices with models that have robust security controls if patches are delayed. 7. Educate users about the risks of CSRF and safe browsing practices to reduce the likelihood of successful attacks. 8. Employ network intrusion detection systems (NIDS) to detect anomalous traffic patterns associated with CSRF exploitation attempts.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-06-09T07:42:33.564Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68487f541b0bd07c3938a0cf
Added to database: 6/10/2025, 6:54:12 PM
Last enriched: 7/11/2025, 12:04:05 AM
Last updated: 8/12/2025, 10:05:24 AM
Views: 10
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.