CVE-2025-4357 — Injection in RX3

CWE-74 — Injection CWE-77 — Command Injection3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

7.0%

top 8.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda RX3 Tenda RX3 Firmware

Timeline

PublishedMay 6

Description

A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5tenda/rx316.03.13.11_multi

▶NVDtenda/rx3_firmware16.03.13.11_multi

🔴Vulnerability Details

CVEList

Tenda RX3 telnet command injection↗2025-05-06

▶

GHSA

GHSA-w2f7-j56m-cq8j: A vulnerability was found in Tenda RX3 16↗2025-05-06

▶