Tenda AX9 httpd image_check weak hash_CVE-2025-14636

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited.

Basic Information

ID CVE-2025-14636

Source VulDB

Published Dec 13, 2025 at 19:02

Affected Product

Vendor Tenda

Product AX9

Version 22.03.01.46

Affected Versions Tenda AX9 22.03.01.46

CWE Classification

CWE-328 CWE-327

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited.",
    "published": "2025-12-13T19:02:08.025Z",
    "modified": "2025-12-13T19:02:08.025Z",
    "type": "cve",
    "title": "Tenda AX9 httpd image_check weak hash",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.336361\nhttps://vuldb.com/?ctiid.336361\nhttps://vuldb.com/?submit.707213\nhttps://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AX9_Inte.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-14636",
    "bulletinFamily": "",
    "cwe": [
        "CWE-328",
        "CWE-327"
    ],
    "cvelist": null,
    "sourceData": "Tenda AX9 22.03.01.46",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AX9",
    "version": "22.03.01.46",
    "vendor": "Tenda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}