CVE-2025-9090
BaseFortify
Publication date: 2025-08-17
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac20_firmware | 16.03.08.12 |
| tenda | ac20 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9090 is a command injection vulnerability in the Tenda AC20 router firmware version 16.03.08.12. It exists in the Telnet Service component, specifically in the websFormDefine function accessed via the /goform/telnet HTTP endpoint. The vulnerability arises because the function executes system commands without properly sanitizing user input, allowing an attacker to remotely inject commands. This can enable the attacker to start the telnet service on the router and gain root shell access, leading to arbitrary command execution on the device. [1, 2]
How can this vulnerability impact me? :
This vulnerability can severely impact you by allowing a remote attacker to execute arbitrary commands on your Tenda AC20 router with root privileges. This compromises the confidentiality, integrity, and availability of the device. An attacker can enable the telnet service remotely, gain interactive shell access, and potentially control or disrupt your network traffic, steal sensitive information, or use the device as a foothold for further attacks. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP requests sent to the /goform/telnet endpoint on the Tenda AC20 router running firmware version 16.03.08.12. Suspicious or crafted requests that attempt to activate the telnet service remotely may indicate exploitation attempts. Network administrators can use tools like curl or wget to test the endpoint manually, for example: curl -X POST http://<router-ip>/goform/telnet -d '<crafted_payload>'. Additionally, checking for unexpected telnet service activity or processes on the router (e.g., using commands like 'ps | grep telnetd' on the device) can help detect exploitation. Monitoring logs for the message "load telnetd success." returned with HTTP 200 status may also indicate exploitation. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Tenda AC20 router running firmware version 16.03.08.12 with a secure version or different device, as no known countermeasures or patches currently exist. Disabling remote access to the /goform/telnet endpoint or restricting access to trusted networks can reduce exposure. Monitoring and blocking suspicious HTTP requests targeting the /goform/telnet endpoint is recommended. If possible, disable the telnet service entirely on the device to prevent remote command execution. [1, 2]