CVE-2025-5606

6.3 MEDIUM

📋 TL;DR

This critical vulnerability in Tenda AC18 routers allows remote attackers to execute arbitrary commands via command injection in the formSetIptv function. Attackers can exploit this to take control of affected routers. Users of Tenda AC18 routers with vulnerable firmware are affected.

💻 Affected Systems

Products:
  • Tenda AC18
Versions: 15.03.05.05
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: All routers running this specific firmware version are vulnerable by default. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of router allowing attacker to pivot to internal network, intercept/modify traffic, install persistent malware, or use router as botnet node.

🟠 Likely Case: Router compromise leading to DNS hijacking, credential theft, or denial of service.

🟢 If Mitigated: Limited impact if router is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH - Attack can be initiated remotely without authentication, making internet-exposed routers immediate targets.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they gain network access, but requires specific targeting.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available. Attack requires sending crafted HTTP request to vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates.
2. Download latest firmware.
3. Access router admin interface.
4. Navigate to firmware upgrade section.
5. Upload and apply new firmware.
6. Reboot router.

🔧 Temporary Workarounds

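Block External Access (linux)

Prevent WAN access to router admin interface

# Set WAN_IF to the WAN-facing interface name first (placeholder); without -i these rules also drop LAN access to the admin interface
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 80 -j DROP
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 443 -j DROP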

Disable IPTV Feature (all platforms)

Turn off IPTV functionality if not needed

🧯 If You Can't Patch

  • Isolate router in separate VLAN with strict firewall rules
  • Implement network monitoring for suspicious HTTP requests to /goform/SetIPTVCfg

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 15.03.05.05, system is vulnerable.

Check Version:

Check via router web interface at System Status or similar section

Verify Fix Applied:

After firmware update, verify version is higher than 15.03.05.05 and test that crafted requests to /goform/SetIPTVCfg no longer execute commands.

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /goform/SetIPTVCfg with unusual parameters
  • Command execution attempts in system logs

Network Indicators:

  • Unusual outbound connections from router
  • HTTP requests containing shell metacharacters like ;, |, &, $()

SIEM Query:

source="router_logs" AND (url="/goform/SetIPTVCfg" OR (method="POST" AND uri CONTAINS "SetIPTVCfg"))
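
An added example (not from the original page or from Tenda) of the log and network indicators above: it decodes each POST to /goform/SetIPTVCfg and flags parameter values that contain shell metacharacters. The JSON log layout, the field names and the sample records are constructed assumptions, and it presumes a proxy or IDS that records request bodies.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/goform/SetIPTVCfg"  # path named on this page
# Metacharacters listed on this page, plus backtick and newline (added here).
SHELL_META = re.compile(r"[;|&`\n]|\$\(")

def suspicious_params(record):
    """Return [(name, value)] for decoded parameters carrying shell metacharacters."""
    parts = urlsplit(record.get("uri", ""))
    if record.get("method") != "POST" or parts.path != ENDPOINT:
        return []
    # Decode query string and form body first: '&' separates fields in
    # urlencoded data, so matching the raw body would flag every request.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(record.get("body", ""), keep_blank_values=True)
    return [(k, v) for k, v in pairs if SHELL_META.search(v)]

def scan(lines):
    """Yield (source_ip, hits) for each log line that should raise an alert."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines
        if not isinstance(rec, dict):
            continue  # valid JSON but not a request record
        hits = suspicious_params(rec)
        if hits:
            yield rec.get("src", "?"), hits

# Constructed sample records; field names and values are illustrative only.
SAMPLE_LOG = [
    '{"src":"192.0.2.10","method":"POST","uri":"/goform/SetIPTVCfg","body":"field1=1&field2=off"}',
    '{"src":"198.51.100.7","method":"POST","uri":"/goform/SetIPTVCfg","body":"field1=1%3Becho+x&field2=off"}',
    '{"src":"198.51.100.7","method":"POST","uri":"/goform/SetIPTVCfg","body":"field1=a%24%28echo+x%29"}',
    '{"src":"192.0.2.10","method":"GET","uri":"/index.html","body":""}',
    'not json',
]

if __name__ == "__main__":
    for src, hits in scan(SAMPLE_LOG):
        print(src, hits)
```

Matching on decoded values rather than the raw body keeps ordinary multi-field form posts from alerting while still catching percent-encoded metacharacters.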
