CVE-2025-57296Command Injection in AC6 Firmware

CWE-77Command Injection5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
1.3%
top 19.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda AC6 Firmware
Timeline
PublishedSep 19
Latest updateSep 22

Description

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into nvram set system commands using doSystemCmd, without validating or sanitizing special characters (e.g., ;, ", #). An unauthenticated or authenticated attacker can exploit this by submitting a crafted POS

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

NVDtenda/ac6_firmware15.03.05.19

🔴Vulnerability Details

3
GHSA
GHSA-4jwf-c7mx-j34w: Tenda AC6 router firmware 152025-09-22
CVEList
CVE-2025-57296: Tenda AC6 router firmware 152025-09-19
VulnCheck
Tenda ac6_firmware Improper Neutralization of Special Elements used in a Command ('Command Injection')2025

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Tenda SetIPTVCfg list Parameter Command Injection Attempt (CVE-2025-57296)2025-09-19
CVE-2025-57296 — Command Injection in Tenda | cvebase