CVE-2022-25441: OS Command Injection
First published: Fri Mar 18 2022(Updated: )
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenda Ac9 Firmware | =15.03.2.21 | |
| Tenda AC9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-25441?
CVE-2022-25441 is a remote command execution (RCE) vulnerability in Tenda AC9 v15.03.2.21 via the vlanid parameter in the SetIPTVCfg function.
How severe is CVE-2022-25441?
CVE-2022-25441 has a severity rating of 9.8 (Critical).
How does CVE-2022-25441 affect Tenda AC9 v15.03.2.21?
CVE-2022-25441 allows remote attackers to execute arbitrary commands on Tenda AC9 v15.03.2.21 by exploiting the vulnerability in the vlanid parameter of the SetIPTVCfg function.
Is Tenda AC9 v15.03.2.21 the only affected version?
Yes, Tenda AC9 v15.03.2.21 is the only affected version.
How can I fix CVE-2022-25441?
To fix CVE-2022-25441, it is recommended to update Tenda AC9 firmware to a version that addresses the vulnerability.
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/tenda
- canonical/tenda ac9 firmware
- version/tenda ac9 firmware/15.03.2.21
- canonical/tenda ac9