CVE-2025-8980
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-18
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | g1_firmware | 16.01.7.8\(3660\) |
| tenda | g1 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Tenda G1 firmware update handler, specifically in the check_upload_file function. It involves insufficient verification of data authenticity during firmware updates, which means that the system may accept malicious or tampered firmware files. The vulnerability can be exploited remotely, but the attack complexity is high and exploitation is difficult. The exploit has been publicly disclosed.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker to upload and execute malicious firmware on the affected device, potentially leading to unauthorized control, data compromise, or disruption of device functionality. Because the verification of firmware authenticity is insufficient, the device's security integrity is at risk.