CVE-2022-25438: OS Command Injection
First published: Fri Mar 18 2022(Updated: )
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenda Ac9 Firmware | =15.03.2.21 | |
| Tenda AC9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-25438?
CVE-2022-25438 is a remote command execution (RCE) vulnerability found in Tenda AC9 v15.03.2.21 firmware.
How severe is CVE-2022-25438?
CVE-2022-25438 has a severity rating of 9.8 (critical).
How does CVE-2022-25438 affect Tenda AC9?
CVE-2022-25438 allows remote attackers to execute arbitrary commands on Tenda AC9 devices running v15.03.2.21 firmware.
Is Tenda AC9 v15.03.2.21 the only affected version?
Yes, Tenda AC9 v15.03.2.21 is the only affected version.
How can I fix CVE-2022-25438?
To fix CVE-2022-25438, users should update their Tenda AC9 firmware to a version that includes the security patch.
- agent/author
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/tenda
- canonical/tenda ac9 firmware
- version/tenda ac9 firmware/15.03.2.21
- canonical/tenda ac9