CVE-2025-8979
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-18
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac15_firmware | 15.13.07.13 |
| tenda | ac15 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Tenda AC15 firmware update handler, specifically in the functions check_fw_type, split_fireware, and check_fw. It involves insufficient verification of data authenticity during the firmware update process, which can be exploited remotely. Although the attack complexity is high and exploitation is difficult, the vulnerability has been publicly disclosed and could potentially be used by attackers.
How can this vulnerability impact me? :
Exploitation of this vulnerability could allow an attacker to bypass proper verification of firmware updates, potentially leading to unauthorized or malicious firmware being installed on the device. This could compromise the device's confidentiality, integrity, and availability, resulting in unauthorized access, data manipulation, or device malfunction.