ByteOS Network

NVD Vulnerability Details :

CVE-2025-8980

Analyzed

Source-cna@vuldb.com

Published At-14 Aug, 2025 | 20:15

Updated At-18 Aug, 2025 | 15:04

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.6	MEDIUM	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	6.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	2.0	6.8	MEDIUM	AV:N/AC:H/Au:M/C:C/I:C/A:C

CPE Matches

Tenda Technology Co., Ltd.

>>g1_firmware>>16.01.7.8\(3660\)

cpe:2.3:o:tenda:g1_firmware:16.01.7.8\(3660\):*:*:*:*:*:*:*

Tenda Technology Co., Ltd.

>>g1>>-

cpe:2.3:h:tenda:g1:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-345	Primary	cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/G1_Auth.md	cna@vuldb.com	Third Party Advisory
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/G1_Inte.md	cna@vuldb.com	Third Party Advisory
https://vuldb.com/?ctiid.319976	cna@vuldb.com	Permissions Required
https://vuldb.com/?id.319976	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/?submit.628605	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/?submit.628606	cna@vuldb.com	Third Party Advisory VDB Entry
https://www.tenda.com.cn/	cna@vuldb.com	Product

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History