Tenda AC7 AdvSetLanip command injection_CVE-2025-11523

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

Basic Information

ID CVE-2025-11523

Source VulDB

Published Oct 9, 2025 at 01:02

Affected Product

Vendor Tenda

Product AC7

Version 15.03.06.44

Affected Versions Tenda AC7 15.03.06.44

CWE Classification

CWE-77 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.",
    "published": "2025-10-09T01:02:07.640Z",
    "modified": "2025-10-09T01:02:07.640Z",
    "type": "cve",
    "title": "Tenda AC7 AdvSetLanip command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327661\nhttps://vuldb.com/?ctiid.327661\nhttps://vuldb.com/?submit.669849\nhttps://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC7/AdvSetLanip.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-11523",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC7 15.03.06.44",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC7",
    "version": "15.03.06.44",
    "vendor": "Tenda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}