CVE-2025-8979 – This vulnerability in Tenda AC15 routers allows... (How to Fix)

Q: What is the severity of CVE-2025-8979?

CVE-2025-8979 has a CVSS score of 6.6 (MEDIUM). This vulnerability in Tenda AC15 routers allows attackers to bypass firmware update authentication checks, potentially enabling malicious firmware installation. It affects users of Tenda AC15 routers with firmware version 15.13.07.13. The attack requires remote access but has high complexity.

📋 TL;DR

This vulnerability in Tenda AC15 routers allows attackers to bypass firmware update authentication checks, potentially enabling malicious firmware installation. It affects users of Tenda AC15 routers with firmware version 15.13.07.13. The attack requires remote access but has high complexity.

💻 Affected Systems

Products:

Tenda AC15

Versions: 15.13.07.13

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the firmware update handler component specifically.

📦 What is this software?

Ac15 Firmware by Tenda

View all CVEs affecting Ac15 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing persistent backdoor installation, network traffic interception, and lateral movement to connected devices.

🟠

Likely Case

Router compromise leading to network disruption, DNS hijacking, or credential theft from connected devices.

🟢

If Mitigated

Limited impact if firmware updates are disabled and network segmentation isolates the router.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploit details are publicly available but exploitation is described as difficult.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: NONE

Restart Required: No

Instructions:

Check Tenda official website for firmware updates. If available, download and install through router admin interface.

🔧 Temporary Workarounds

Disable Remote Firmware Updates

all

Prevent unauthorized firmware updates by disabling remote update functionality

Network Segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

Disable WAN-side management access to router admin interface
Implement network monitoring for unexpected firmware update attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 15.13.07.13, device is vulnerable.

Check Version:

Login to router admin interface and check Firmware/System Status page

Verify Fix Applied:

Verify firmware version has been updated to a version later than 15.13.07.13

📡 Detection & Monitoring

Log Indicators:

Unexpected firmware update attempts
Authentication failures in firmware update logs

Network Indicators:

Unusual HTTP POST requests to firmware update endpoints
Traffic to known exploit repositories

SIEM Query:

source="router_logs" AND (event="firmware_update" OR url="*/goform/firmwareUpdate*")

📊 Metadata

CVE ID: CVE-2025-8979

CVSS v3 Score: 6.6 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-345

EPSS Score: 0.17% exploit probability (38.5th percentile)

Published: August 14, 2025

Last Updated: August 18, 2025

🔗 References

https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AC15_Auth.md Exploit,Third Party Advisory
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AC15_Inte.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.319975 Permissions Required
https://vuldb.com/?id.319975 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.628602 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.628603 Not Applicable
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-8979, you might also want to check these: