CVE-2025-10442

CVE-2025-10442 affects Tenda AC9 and AC15 with firmware 15.03.05.14. The vulnerability is in the function formexeCommand of /goform/exeCommand, where unsanitized cmdinput leads to OS command injection. Remote exploitation is possible and the exploit has been publicly disclosed. Affected devices c...

The vulnerability of the formexeCommand() function in Tenda i21 router microprogramming software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formexeCommand function in Tenda i21 router microprogramming software is related to the operation that occurs outside the buffer in memory when processing the cmdinput parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality,...

The vulnerability of the formexeCommand function in the wireless access point software Tenda W9 allows a intruder to execute arbitrary code.

The vulnerability of the formexeCommand function in the Tenda W9 wireless access point software exists due to the failure to implement measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...