ByteOS Network

Vulnerability Details :

CVE-2025-8979

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-14 Aug, 2025 | 19:32

Updated At-14 Aug, 2025 | 19:53

Tenda AC15 Firmware Update check_fw data authenticity

A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:14 Aug, 2025 | 19:32

Updated At:14 Aug, 2025 | 19:53

▼CVE Numbering Authority (CNA)

Tenda AC15 Firmware Update check_fw data authenticity

Affected Products

Vendor

Tenda Technology Co., Ltd.

Product

AC15

Modules

Firmware Update Handler

Versions

Affected

15.13.07.13

Problem Types

Type	CWE ID	Description
CWE	CWE-345	Insufficient Verification of Data Authenticity

Type: CWE

CWE ID: CWE-345

Description: Insufficient Verification of Data Authenticity

Metrics

Version	Base score	Base severity	Vector
4.0	7.5	HIGH	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
3.1	6.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
3.0	6.6	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
2.0	6.8	N/A	AV:N/AC:H/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Version: 4.0

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Version: 3.0

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Version: 2.0

Base score: 6.8

Base severity: N/A

Vector:

AV:N/AC:H/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Credits

reporter

IOT_Res (VulDB User)

Timeline

Event	Date
Advisory disclosed	2025-08-13 00:00:00
VulDB entry created	2025-08-13 02:00:00
VulDB entry last update	2025-08-13 18:49:23

Event: Advisory disclosed

Date: 2025-08-13 00:00:00

Event: VulDB entry created

Date: 2025-08-13 02:00:00

Event: VulDB entry last update

Date: 2025-08-13 18:49:23

References

Hyperlink	Resource
https://vuldb.com/?id.319975	vdb-entry technical-description
https://vuldb.com/?ctiid.319975	signature permissions-required
https://vuldb.com/?submit.628602	third-party-advisory
https://vuldb.com/?submit.628603	third-party-advisory
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AC15_Auth.md	patch
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AC15_Inte.md	exploit patch
https://www.tenda.com.cn/	product

Hyperlink: https://vuldb.com/?id.319975

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.319975

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.628602

Resource:

third-party-advisory

Hyperlink: https://vuldb.com/?submit.628603

Resource:

third-party-advisory

Hyperlink: https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AC15_Auth.md

Resource:

patch

Hyperlink: https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AC15_Inte.md

Resource:

exploit

patch

Hyperlink: https://www.tenda.com.cn/

Resource:

product

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:14 Aug, 2025 | 20:15

Updated At:18 Aug, 2025 | 15:03

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.6	MEDIUM	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	6.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	2.0	6.8	MEDIUM	AV:N/AC:H/Au:M/C:C/I:C/A:C

Type: Secondary

Version: 4.0

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 6.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:H/Au:M/C:C/I:C/A:C

CPE Matches

Tenda Technology Co., Ltd.

>>ac15_firmware>>15.13.07.13

cpe:2.3:o:tenda:ac15_firmware:15.13.07.13:*:*:*:*:*:*:*

Tenda Technology Co., Ltd.

>>ac15>>-

cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-345	Primary	cna@vuldb.com

CWE ID: CWE-345

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AC15_Auth.md	cna@vuldb.com	Exploit Third Party Advisory
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AC15_Inte.md	cna@vuldb.com	Exploit Third Party Advisory
https://vuldb.com/?ctiid.319975	cna@vuldb.com	Permissions Required
https://vuldb.com/?id.319975	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/?submit.628602	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/?submit.628603	cna@vuldb.com	Not Applicable
https://www.tenda.com.cn/	cna@vuldb.com	Product

Hyperlink: https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AC15_Auth.md

Source: cna@vuldb.com

Resource:

Exploit

Third Party Advisory

Hyperlink: https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AC15_Inte.md

Source: cna@vuldb.com

Resource:

Exploit

Third Party Advisory

Hyperlink: https://vuldb.com/?ctiid.319975

Source: cna@vuldb.com

Resource:

Permissions Required

Hyperlink: https://vuldb.com/?id.319975

Source: cna@vuldb.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://vuldb.com/?submit.628602

Source: cna@vuldb.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://vuldb.com/?submit.628603

Source: cna@vuldb.com

Resource:

Not Applicable

Hyperlink: https://www.tenda.com.cn/

Source: cna@vuldb.com

Resource:

Product

Similar CVEs

2Records found

CVE-2025-8980

Matching Score-10

Assigner-VulDB

View Details

Matching Score-10

Assigner-VulDB

CVSS Score-7.5||HIGH

EPSS-0.03% / 7.54%

7 Day CHG~0.00%

Published-14 Aug, 2025 | 19:32

Updated-18 Aug, 2025 | 15:04

Tenda G1 Firmware Update check_upload_file data authenticity

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Vendor-Tenda Technology Co., Ltd.

Product-g1 g1_firmware G1

CWE ID-CWE-345

Insufficient Verification of Data Authenticity

CVE-2025-8978

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.21%

7 Day CHG~0.00%

Published-14 Aug, 2025 | 19:02

Updated-15 Aug, 2025 | 13:12

D-Link DIR-619L boa FirmwareUpgrade data authenticity

A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Vendor-D-Link Corporation

Product-DIR-619L

CWE ID-CWE-345

Insufficient Verification of Data Authenticity

CVE-2025-8979

Credits

Tenda AC15 Firmware Update check_fw data authenticity

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs