CVE-2025-7414

CWE-77Command InjectionCWE-78OS Command Injection4 documents4 sources
Severity
5.3MEDIUM
EPSS
1.2%
top 21.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda O3v2Tenda O3 Firmware
Timeline
PublishedJul 10

Description

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/o3v21.0.0.12(3880)
NVDtenda/o3_firmware1.0.0.12\(3880\)

🔴Vulnerability Details

3
CVEList
Tenda O3V2 httpd setPingInfo fromNetToolGet os command injection2025-07-10
GHSA
GHSA-f7g5-v882-wpqx: A vulnerability classified as critical was found in Tenda O3V2 12025-07-10
VulnCheck
Tenda o3_firmware Improper Neutralization of Special Elements used in a Command ('Command Injection')2025