CVE-2025-14286

CWE-200 — Information Exposure CWE-284 — Improper Access Control3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 77.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda AC9 Tenda AC9 Firmware

Timeline

PublishedDec 9

Description

A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5tenda/ac915.03.05.14_multi

▶NVDtenda/ac9_firmware15.03.05.14_multi

🔴Vulnerability Details

GHSA

GHSA-mm27-h58x-qxc3: A vulnerability was determined in Tenda AC9 15↗2025-12-09

▶

CVEList

Tenda AC9 Configuration File DownloadCfg.jpg information disclosure↗2025-12-09

▶