Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-8980

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-14 Aug, 2025 | 19:32
Updated At-14 Aug, 2025 | 19:50
Rejected At-
Credits

Tenda G1 Firmware Update check_upload_file data authenticity

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:14 Aug, 2025 | 19:32
Updated At:14 Aug, 2025 | 19:50
Rejected At:
▼CVE Numbering Authority (CNA)
Tenda G1 Firmware Update check_upload_file data authenticity

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Affected Products
Vendor
Tenda Technology Co., Ltd.Tenda
Product
G1
Modules
  • Firmware Update Handler
Versions
Affected
  • 16.01.7.8(3660)
Problem Types
TypeCWE IDDescription
CWECWE-345Insufficient Verification of Data Authenticity
Type: CWE
CWE ID: CWE-345
Description: Insufficient Verification of Data Authenticity
Metrics
VersionBase scoreBase severityVector
4.07.5HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
3.16.6MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
3.06.6MEDIUM
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
2.06.8N/A
AV:N/AC:H/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Version: 3.0
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Version: 2.0
Base score: 6.8
Base severity: N/A
Vector:
AV:N/AC:H/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
IOT_Res (VulDB User)
Timeline
EventDate
Advisory disclosed2025-08-13 00:00:00
VulDB entry created2025-08-13 02:00:00
VulDB entry last update2025-08-13 18:52:37
Event: Advisory disclosed
Date: 2025-08-13 00:00:00
Event: VulDB entry created
Date: 2025-08-13 02:00:00
Event: VulDB entry last update
Date: 2025-08-13 18:52:37
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.319976
vdb-entry
technical-description
https://vuldb.com/?ctiid.319976
signature
permissions-required
https://vuldb.com/?submit.628605
third-party-advisory
https://vuldb.com/?submit.628606
third-party-advisory
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/G1_Inte.md
patch
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/G1_Auth.md
exploit
patch
https://www.tenda.com.cn/
product
Hyperlink: https://vuldb.com/?id.319976
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.319976
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.628605
Resource:
third-party-advisory
Hyperlink: https://vuldb.com/?submit.628606
Resource:
third-party-advisory
Hyperlink: https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/G1_Inte.md
Resource:
patch
Hyperlink: https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/G1_Auth.md
Resource:
exploit
patch
Hyperlink: https://www.tenda.com.cn/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:14 Aug, 2025 | 20:15
Updated At:18 Aug, 2025 | 15:04

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.6MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.6MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary2.06.8MEDIUM
AV:N/AC:H/Au:M/C:C/I:C/A:C
Type: Secondary
Version: 4.0
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:H/Au:M/C:C/I:C/A:C
CPE Matches
Tenda Technology Co., Ltd.
tenda
>>g1_firmware>>16.01.7.8\(3660\)
cpe:2.3:o:tenda:g1_firmware:16.01.7.8\(3660\):*:*:*:*:*:*:*
Tenda Technology Co., Ltd.
tenda
>>g1>>-
cpe:2.3:h:tenda:g1:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-345Primarycna@vuldb.com
CWE ID: CWE-345
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/G1_Auth.mdcna@vuldb.com
Third Party Advisory
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/G1_Inte.mdcna@vuldb.com
Third Party Advisory
https://vuldb.com/?ctiid.319976cna@vuldb.com
Permissions Required
https://vuldb.com/?id.319976cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.628605cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.628606cna@vuldb.com
Third Party Advisory
VDB Entry
https://www.tenda.com.cn/cna@vuldb.com
Product
Hyperlink: https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/G1_Auth.md
Source: cna@vuldb.com
Resource:
Third Party Advisory
Hyperlink: https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/G1_Inte.md
Source: cna@vuldb.com
Resource:
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.319976
Source: cna@vuldb.com
Resource:
Permissions Required
Hyperlink: https://vuldb.com/?id.319976
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.628605
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.628606
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.tenda.com.cn/
Source: cna@vuldb.com
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2025-8979
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.33%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 19:32
Updated-18 Aug, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 Firmware Update check_fw data authenticity

A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15ac15_firmwareAC15
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2025-8978
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.21%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 19:02
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-619L boa FirmwareUpgrade data authenticity

A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-DIR-619L
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
Details not found