Login Sign Up

CVE-2025-10442

6.3 MEDIUM
Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary operating system commands on Tenda AC9 and AC15 routers through command injection in the formexeCommand function. Attackers can exploit this without authentication to gain full control of affected devices. Users running vulnerable firmware versions are at risk.

💻 Affected Systems

Products:
  • Tenda AC9
  • Tenda AC15
Versions: 15.03.05.14
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with web management interface accessible. Default configurations typically expose this interface.

📦 What is this software?

Ac15 Firmware by Tenda

View all CVEs affecting Ac15 Firmware →

Ac9 Firmware by Tenda

View all CVEs affecting Ac9 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router with persistent backdoor installation, credential theft, network traffic interception, and lateral movement to internal devices.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential harvesting, and botnet recruitment.

🟢

If Mitigated

Limited impact with proper network segmentation and firewall rules preventing external access to router admin interface.

🌐 Internet-Facing: HIGH - Remote exploitation is possible without authentication, making internet-exposed devices immediate targets.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but requires network access to router admin interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available. Exploitation requires sending crafted HTTP POST requests to /goform/exeCommand endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tenda for latest firmware > 15.03.05.14

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

1. Log into router admin interface. 2. Navigate to firmware upgrade section. 3. Download latest firmware from Tenda website. 4. Upload and install firmware. 5. Reboot router.

🔧 Temporary Workarounds

Disable WAN access to admin interface

all

Prevent external access to router management interface

Network segmentation

all

Isolate router management interface to dedicated VLAN

🧯 If You Can't Patch

  • Replace affected routers with patched or alternative models
  • Implement strict firewall rules blocking all external access to router IP on ports 80/443

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under System Status or About page

Check Version:

Login to router web interface and navigate to system information page

Verify Fix Applied:

Verify firmware version is greater than 15.03.05.14 and test endpoint with safe payload

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /goform/exeCommand with unusual parameters
  • System logs showing unexpected command execution

Network Indicators:

  • Unusual outbound connections from router
  • Traffic patterns suggesting command and control

SIEM Query:

http.url:"/goform/exeCommand" AND http.method:POST AND (cmdinput:* OR *cmdinput*)

📊 Metadata

CVE ID: CVE-2025-10442
CVSS v3 Score: 6.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-77
EPSS Score: 0.37% exploit probability (58.3th percentile)
Published: September 15, 2025
Last Updated: September 19, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10442, you might also want to check these:

CVE-2024-48841 10.0

This critical vulnerability in FLXEON software allows remote attackers to execute arbitrary code wit...

Same vulnerability type (CWE-77)
CVE-2025-59818 10.0

This vulnerability allows authenticated attackers to execute arbitrary system commands by manipulati...

Same vulnerability type (CWE-77)
CVE-2024-28354 10.0

This is a critical command injection vulnerability in TRENDnet TEW-827DRU routers that allows remote...

Same vulnerability type (CWE-77)