CVE-2025-45042

9.8 CRITICAL

📋 TL;DR

A command injection reachable through the Telnet service on Tenda AC9 routers lets a remote attacker run arbitrary commands on the device without valid credentials. Because the commands execute on the router itself, a successful attack gives full control of the device and of every flow that passes through it. Firmware v15.03.05.14 is affected.

💻 Affected Systems

Products:
  • Tenda AC9
Versions: v15.03.05.14
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Telnet service may be enabled by default on affected firmware versions.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover leading to network compromise, data exfiltration, lateral movement to other devices, and persistent backdoor installation.

🟠

Likely Case

Router compromise allowing traffic interception, DNS hijacking, credential theft, and use as botnet node.

🟢

If Mitigated

Limited impact if Telnet is disabled and device is isolated from untrusted networks.

🌐 Internet-Facing: HIGH - A router with TCP/23 reachable from the Internet can be exploited directly, with no prior foothold and no credentials.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal devices could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been published in a public GitHub repository. The injection is reachable over Telnet without authentication, so the only precondition is network access to port 23 on the router.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes (flashing new firmware reboots the router)

Instructions:

Check Tenda's support site for a newer AC9 firmware. If one is available, download it from Tenda's own site only, then flash it through the firmware-upgrade page of the router's web interface; the router reboots during the flash. Afterwards confirm that the version shown on the status page is no longer v15.03.05.14, and re-check that port 23 is closed: a firmware update is not guaranteed to turn Telnet off, so the workarounds below still apply if it is still listening.

🔧 Temporary Workarounds

Disable Telnet Service

Stop the Telnet daemon so the injection is no longer reachable. This has to be run in a shell on the router itself (BusyBox); there is no `telnetd stop` subcommand, so kill the running process:

```sh
killall telnetd
```

The change is not persistent: telnetd is started again by the firmware on every reboot, so either repeat this after each restart or rely on the firewall rule below, which can be enforced upstream of the router.

Block Telnet Port

Drop incoming Telnet connections at the firewall. Insert the rule at the top of the chain (`-I`, not `-A`) so it is evaluated before any existing ACCEPT rule:

```sh
iptables -I INPUT -p tcp --dport 23 -j DROP
```

Run on the router, this also cuts LAN-side Telnet management; add `-i <WAN interface>` to limit the rule to the Internet-facing side. The rule does not survive a reboot of the router, so the more durable place for it is an upstream firewall that sits in front of the device.

🧯 If You Can't Patch

  • Keep the router off the Internet: place it behind a firewall that does not pass TCP/23 to it, and never give it a directly reachable public address
  • Segment the network so a compromised router cannot reach sensitive hosts, and treat everything behind it as untrusted until it is patched or replaced

🔍 How to Verify

Check if Vulnerable:

The device is affected if it runs firmware v15.03.05.14 and the Telnet service is listening on port 23.

Check Version:

Read the firmware version from the status page of the router's web interface (a shell command on the router does not help here: /proc/version reports the kernel build, not the firmware release). Then, from another host on the LAN, check whether port 23 accepts connections; 192.168.0.1 is the usual Tenda LAN address, substitute yours:

```sh
nc -zv 192.168.0.1 23
```

Verify Fix Applied:

After the update or workaround, the same connection test should be refused or time out, and the status page should show a version other than v15.03.05.14. An open port 23 after a firmware update means the Telnet service survived the update and the workarounds are still needed.
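The script below, added here and not part of the advisory or of Tenda's software, automates the verification steps in this section from a host on the LAN: it connects to TCP/23, confirms that whatever answers actually speaks Telnet by looking for option-negotiation bytes (a telnetd sends IAC DO/WILL sequences before any login prompt, so an open port alone proves little), and classifies a version string copied from the status page. The default router address 192.168.0.1 and the version string formats are assumptions; because no fixed version is published, builds other than v15.03.05.14 are reported as unverified rather than safe.

```python
"""Check a Tenda AC9 for CVE-2025-45042 exposure from another LAN host.
Added example; assumes a 192.168.0.1 router address and Tenda-style
version strings such as 'V15.03.05.14_multi'."""
import re
import socket
import sys

AFFECTED = (15, 3, 5, 14)  # v15.03.05.14, the only build the advisory lists
IAC = 0xFF                 # Telnet "interpret as command" byte
NEGOTIATION = {0xFA, 0xFB, 0xFC, 0xFD, 0xFE}  # SB, WILL, WONT, DO, DONT


def parse_version(text):
    """Extract a dotted numeric version: 'V15.03.05.14_multi' -> (15, 3, 5, 14)."""
    m = re.search(r"(\d+(?:\.\d+){2,})", text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def classify_version(text):
    """'affected' for the listed build. No fixed version is published, so older
    and newer builds are reported as unverified, never as safe."""
    v = parse_version(text)
    if v is None:
        return "unparseable"
    if v == AFFECTED:
        return "affected"
    return "older-unverified" if v < AFFECTED else "newer-unverified"


def looks_like_telnet(banner):
    """True if the first bytes contain a Telnet option negotiation
    (IAC followed by WILL/WONT/DO/DONT/SB), which telnetd emits on connect."""
    for i in range(len(banner) - 1):
        if banner[i] == IAC and banner[i + 1] in NEGOTIATION:
            return True
    return False


def probe_telnet(host, port=23, timeout=3.0):
    """Connect to host:port and read the first bytes. Returns (reachable, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return True, s.recv(64)
            except socket.timeout:
                return True, b""  # open, but silent: not a normal telnetd
    except OSError:
        return False, b""  # refused, filtered or unreachable


if __name__ == "__main__":
    # 192.168.0.1 is the usual Tenda LAN address (an assumption); pass the
    # real address and the version string from the status page as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.1"
    version = sys.argv[2] if len(sys.argv) > 2 else ""
    reachable, banner = probe_telnet(host)
    print("TCP/23 reachable:", reachable)
    print("Telnet negotiation seen:", looks_like_telnet(banner))
    if version:
        print("Firmware %s: %s" % (version, classify_version(version)))
```

Run it as `python3 check_ac9.py 192.168.0.1 V15.03.05.14_multi`; the device is exposed when the port is reachable, the negotiation bytes are seen and the version classifies as affected. A reachable port with no negotiation bytes still deserves a look, since the workaround may have left something else listening.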

📡 Detection & Monitoring

Log Indicators:

A consumer router keeps few logs and rarely forwards them, so these only help if its syslog output is being collected. The exploit needs no credentials, so look for any Telnet session at all rather than waiting for failed-login noise:

  • Any Telnet connection or login recorded by the router, from any source
  • Unexpected processes or commands in the router's system log following such a session

Network Indicators:

These are observable at a firewall, switch span port or flow collector in front of the router and are the realistic detection path:

  • TCP/23 connections to the router from the WAN side, or from LAN hosts that do not administer it
  • Outbound connections from the router to Internet addresses on ports it would not use itself (a router normally only originates DNS, NTP and HTTP/HTTPS update traffic)

SIEM Query:

Splunk-style, against whichever source carries the router's own logs or the firewall and flow logs that see it; replace the placeholder with the router's address:

(source="router_logs" OR source="firewall_logs") AND dest_ip="<router IP>" AND dest_port=23
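Because the router itself rarely exports logs, the practical detection runs at a firewall or flow collector that sees traffic to and from it. The script below is an added example, not taken from the advisory: it applies the two network indicators above to a handful of constructed flow records, flagging Telnet to the router from anything other than an allowed admin host and outbound connections from the router to non-LAN addresses on ports a router would not normally use. The router addresses, the admin allowlist, the 192.168.0.0/24 LAN range and the expected outbound ports are assumptions to edit for your own network.

```python
"""Network-side detection for CVE-2025-45042 over flow records.
Added example; the flows below are constructed, not taken from the advisory."""
import csv
import io
import ipaddress

# Assumptions for the example (edit for your network): router LAN and WAN
# addresses, the single host allowed to administer it, the LAN range, and
# the outbound ports a router legitimately uses on its own (DNS, HTTP/S, NTP).
ROUTER_IPS = {"192.168.0.1", "203.0.113.10"}
ADMIN_HOSTS = {"192.168.0.50"}
LAN_NET = ipaddress.ip_network("192.168.0.0/24")
EXPECTED_OUTBOUND_PORTS = {53, 80, 123, 443}

# Constructed flow records (ts,src,sport,dst,dport,proto), the shape most
# firewall, Zeek or NetFlow exports can be reduced to.
SAMPLE_FLOWS = """\
ts,src,sport,dst,dport,proto
1718000000,192.168.0.50,50233,192.168.0.1,23,tcp
1718000001,192.168.0.77,41222,192.168.0.1,23,tcp
1718000002,198.51.100.9,60001,203.0.113.10,23,tcp
1718000003,192.168.0.1,34567,1.1.1.1,53,udp
1718000004,192.168.0.1,34568,198.51.100.9,4444,tcp
1718000005,192.168.0.77,41223,192.168.0.1,80,tcp
"""


def in_lan(ip):
    """True if the address falls inside the assumed LAN range."""
    return ipaddress.ip_address(ip) in LAN_NET


def classify(record):
    """Alert names for one flow record; empty list if nothing is suspicious."""
    alerts = []
    src, dst = record["src"], record["dst"]
    dport, proto = int(record["dport"]), record["proto"].lower()

    # Indicator 1: Telnet to the router. The exploit is unauthenticated, so a
    # single session matters; failed logins are not needed to see it.
    if dst in ROUTER_IPS and dport == 23 and proto == "tcp":
        if not in_lan(src):
            alerts.append("telnet_from_outside_lan")
        elif src not in ADMIN_HOSTS:
            alerts.append("telnet_from_unexpected_lan_host")

    # Indicator 2: the router itself reaching out on a port it has no business
    # using (reverse shells, botnet C2, second-stage downloads).
    if src in ROUTER_IPS and not in_lan(dst) and dport not in EXPECTED_OUTBOUND_PORTS:
        alerts.append("router_unexpected_outbound")
    return alerts


def detect(csv_text):
    """Run classify() over CSV flows; return [(alert, src, dst, dport), ...]."""
    hits = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        for name in classify(rec):
            hits.append((name, rec["src"], rec["dst"], int(rec["dport"])))
    return hits


if __name__ == "__main__":
    for alert, src, dst, dport in detect(SAMPLE_FLOWS):
        print(f"{alert:32} {src} -> {dst}:{dport}")
```

Once the Telnet workaround is in place, empty ADMIN_HOSTS so that every Telnet flow to the router raises an alert; at that point there is no legitimate reason for one to exist.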
