CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-11121

A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.9%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 6.5

References

https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC18/AdvSetLanip.md
https://vuldb.com/?ctiid.326202
https://vuldb.com/?id.326202
https://vuldb.com/?submit.664191
https://www.tenda.com.cn/
https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/AC18/AdvSetLanip.md

Products affected by CVE-2025-11121

Tenda » Ac18 » Version: N/A

cpe:2.3:h:tenda:ac18:-
Tenda » Ac18 Firmware » Version: 15.03.05.19

cpe:2.3:o:tenda:ac18_firmware:15.03.05.19

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-11121

Products

Pricing

Contact Us