CVE-2025-14636
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-14636, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-13

Last updated on: 2026-04-29

Assigner: VulDB

Description

A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-13
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2025-12-13
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
tenda ax9_firmware 22.03.01.46
tenda ax9 *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-328 The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a security flaw in the Tenda AX9 router's httpd component, specifically in the image_check function. It involves the use of a weak hash, which can be exploited remotely. The attack is of high complexity and difficult to execute, but an exploit has been publicly released.

Impact Analysis

The vulnerability can allow an attacker to remotely exploit the device by leveraging the weak hash in the image_check function. While the attack is difficult to perform, successful exploitation could lead to integrity issues, such as unauthorized modification of data or firmware, potentially compromising the device's security.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14636. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart