CVE-2025-45343

CWE-284Improper Access Control3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.8%
top 26.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda W18e Firmware
Timeline
PublishedMay 28

Description

An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDtenda/w18e_firmware16.01.0.11\(2044\)

🔴Vulnerability Details

2
CVEList
CVE-2025-45343: An issue in Tenda W18E v2025-05-28
GHSA
GHSA-8q85-7q4r-xhgc: An issue in Tenda W18E v2025-05-28
CVE-2025-45343 (CRITICAL CVSS 9.8) | An issue in Tenda W18E v.2.0 v.16.0 | cvebase.io