CVE-2025-10442
BaseFortify
Publication date: 2025-09-15
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac9_firmware | 15.03.05.14 |
| tenda | ac9 | 1.0 |
| tenda | ac15_firmware | 15.03.05.14 |
| tenda | ac15 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10442 is an OS command injection vulnerability in Tenda AC9 and AC15 routers running firmware version 15.03.05.14. It occurs in the /goform/exeCommand endpoint, specifically in the formexeCommand function, where the cmdinput parameter is improperly sanitized. This allows an attacker to send specially crafted input that injects arbitrary operating system commands, enabling remote execution of commands on the device without local access or user interaction. [1, 2, 3]
How can this vulnerability impact me?
Exploitation of this vulnerability can grant an attacker full control over the affected router, impacting the confidentiality, integrity, and availability of the device. The attacker can execute arbitrary OS commands remotely, potentially disrupting network operations, intercepting or altering data, or using the device as a foothold for further attacks. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious or unexpected requests to the /goform/exeCommand endpoint, specifically those containing the cmdinput parameter with unusual or potentially malicious input. Since the vulnerability involves OS command injection via the cmdinput parameter, network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on such patterns. Additionally, manual testing can be performed by sending crafted HTTP requests to the /goform/exeCommand endpoint with benign commands to verify if command execution is possible. Example commands for detection might include using curl to send test payloads: curl -X POST http://<router-ip>/goform/exeCommand -d "cmdinput=whoami" and observing the response or device behavior. However, no specific detection commands are documented in the provided resources. [1, 2, 3]
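As an added example, not part of this record or its cited sources, the following detector implements the monitoring described above over constructed access-log lines: it records every request to /goform/exeCommand and escalates those whose cmdinput value carries shell metacharacters. The log format (combined log with the request body appended as `body=`), the sample addresses and the sample payloads are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Shell metacharacters whose presence in cmdinput indicates an attempt to
# break out of the intended command: separators, pipes, substitution,
# redirection and embedded newlines.
SHELL_META = re.compile(r"[;&|`$<>\n\r]")

# Combined-style access log line with the request body appended as "body=...",
# as a logging reverse proxy in front of the router's web UI might record it.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
    r'(?: body=(?P<body>\S*))?'
)

# Constructed sample lines (not from the page or any real device).
SAMPLE_LOG = """\
10.0.0.5 - - [15/Sep/2025:10:01:02 +0000] "POST /goform/exeCommand HTTP/1.1" 200 body=cmdinput=ping+-c+1+192.168.0.1
10.0.0.7 - - [15/Sep/2025:10:01:09 +0000] "POST /goform/exeCommand HTTP/1.1" 200 body=cmdinput=127.0.0.1%3Bid
10.0.0.9 - - [15/Sep/2025:10:02:11 +0000] "POST /goform/someOtherForm HTTP/1.1" 200 body=mode=1
10.0.0.7 - - [15/Sep/2025:10:02:30 +0000] "GET /goform/exeCommand?cmdinput=%60id%60 HTTP/1.1" 200 body=
"""

def cmdinput_values(target, body):
    """Every cmdinput value from the query string or form body, URL-decoded."""
    values = []
    for raw in (urlsplit(target).query, body or ""):
        values.extend(parse_qs(raw, keep_blank_values=True).get("cmdinput", []))
    return values

def classify(line):
    # Finding for a /goform/exeCommand request ("alert" when cmdinput carries
    # shell metacharacters, otherwise "info"); None for anything else.
    m = LOG_RE.match(line)
    if not m or urlsplit(m["target"]).path != "/goform/exeCommand":
        return None
    values = cmdinput_values(m["target"], m["body"])
    injected = any(SHELL_META.search(v) for v in values)
    return {"src": m["src"], "ts": m["ts"], "method": m["method"],
            "cmdinput": values, "severity": "alert" if injected else "info"}

def scan(log_text):
    """Findings for every exeCommand request in the log, in order."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["severity"].upper(), f["src"], f["method"], f["cmdinput"])
```

Both GET query strings and POST bodies are inspected, since the record does not say which method the endpoint accepts; the "info" records let a defender baseline legitimate use of the endpoint before tuning the metacharacter rule.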
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or patches have been documented for this vulnerability. The recommended immediate mitigation is to replace the affected Tenda AC9 and AC15 routers running vulnerable firmware version 15.03.05.14 with alternative products that are not affected. Additionally, restricting network access to the router's management interface and monitoring for exploitation attempts can help reduce risk until a fix or patch is available. [3]