OS Command Injection Vulnerability in Tenda AC7 Router
CVE-2025-1819
Key Information:
Badges
Summary
A security vulnerability in the Tenda AC7 1200M router allows for OS command injection due to improper handling of input within the TendaTelnet function found in the /goform/telnet file. This flaw can be exploited remotely by manipulating the 'lan_ip' argument, potentially granting attackers unauthorized access to execute arbitrary commands on the device. Public disclosure of this vulnerability raises significant concerns for users, as they must take immediate steps to secure their systems against possible exploitation.
Affected Version(s)
AC7 1200M 15.03.06.44
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved