CVE-2025-14636
BaseFortify
Publication date: 2025-12-13
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ax9_firmware | 22.03.01.46 |
| tenda | ax9 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-328 | The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack). |
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in the Tenda AX9 router's httpd component, specifically in the image_check function. It involves the use of a weak hash, which can be exploited remotely. The attack is of high complexity and difficult to execute, but an exploit has been publicly released.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to remotely exploit the device by leveraging the weak hash in the image_check function. While the attack is difficult to perform, successful exploitation could lead to integrity issues, such as unauthorized modification of data or firmware, potentially compromising the device's security.