CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-44872

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 76.7%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/Summermu/VulnForIoT/tree/main/Tenda_AC/AC9_formsetUsbUnload
https://github.com/Summermu/VulnForIoT/tree/main/Tenda_AC/AC9_formsetUsbUnload

Products affected by CVE-2025-44872

Tenda » Ac9 » Version: N/A

cpe:2.3:h:tenda:ac9:-
Tenda » Ac9 Firmware » Version: 15.03.06.42_multi

cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-44872

Products

Pricing

Contact Us