CVE-2025-14636 – This vulnerability in Tenda AX9 routers allows ... (How to Fix)

Q: What is the severity of CVE-2025-14636?

CVE-2025-14636 has a CVSS score of 3.7 (LOW). This vulnerability in Tenda AX9 routers allows attackers to exploit weak hash functions in the firmware update mechanism via the httpd component. Attackers could potentially upload malicious firmware images, though exploitation requires high complexity. All users of affected Tenda AX9 routers are at risk.

📋 TL;DR

This vulnerability in Tenda AX9 routers allows attackers to exploit weak hash functions in the firmware update mechanism via the httpd component. Attackers could potentially upload malicious firmware images, though exploitation requires high complexity. All users of affected Tenda AX9 routers are at risk.

💻 Affected Systems

Products:

Tenda AX9

Versions: 22.03.01.46

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific firmware version; other Tenda models may have similar issues but are not confirmed.

📦 What is this software?

Ax9 Firmware by Tenda

View all CVEs affecting Ax9 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attackers could upload malicious firmware to compromise the router, potentially gaining persistent access, intercepting network traffic, or using it as a foothold into internal networks.

🟠

Likely Case

Limited impact due to high exploitation complexity; attackers would need to bypass other security controls to achieve meaningful compromise.

🟢

If Mitigated

With proper network segmentation and monitoring, impact would be minimal even if exploited.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: HIGH

Exploit details are publicly available but require significant technical skill to weaponize effectively.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Access router admin interface. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router administration interface

Network Segmentation

all

Isolate router management interface to trusted network segments only

🧯 If You Can't Patch

Replace affected routers with patched or different models
Implement strict network access controls to limit exposure of router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface; if version is 22.03.01.46, device is vulnerable.

Check Version:

Check via router web interface or SSH if enabled: cat /proc/version or similar router-specific commands

Verify Fix Applied:

Verify firmware version has been updated to a version later than 22.03.01.46.

📡 Detection & Monitoring

Log Indicators:

Unusual firmware update attempts
HTTP requests to image_check endpoint with suspicious payloads

Network Indicators:

Unexpected traffic to router management ports from external sources
Firmware download attempts from unusual sources

SIEM Query:

source_ip=external AND dest_port=80 AND uri_path CONTAINS 'image_check'

📊 Metadata

CVE ID: CVE-2025-14636

CVSS v3 Score: 3.7 (LOW)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE: CWE-327

EPSS Score: 0.06% exploit probability (19.6th percentile)

Published: December 13, 2025

Last Updated: February 24, 2026

🔗 References

https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AX9_Inte.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.336361 Permissions Required,VDB Entry
https://vuldb.com/?id.336361 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.707213 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14636, you might also want to check these: