CVE-2025-14636Use of a Broken or Risky Cryptographic Algorithm in AX9

CWE-327Use of a Broken or Risky Cryptographic AlgorithmCWE-328Use of Weak Hash3 documents3 sources
Severity
6.3MEDIUMNVD
EPSS
0.1%
top 76.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda AX9Tenda AX9 Firmware
Timeline
PublishedDec 13

Description

A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ax922.03.01.46
NVDtenda/ax9_firmware22.03.01.46

🔴Vulnerability Details

2
GHSA
GHSA-9xfq-8p97-mf3j: A security flaw has been discovered in Tenda AX9 222025-12-13
CVEList
Tenda AX9 httpd image_check weak hash2025-12-13
CVE-2025-14636 — Tenda AX9 vulnerability | cvebase