CVE-2025-8980

CWE-3453 documents3 sources
Severity
6.6MEDIUM
EPSS
0.1%
top 74.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda G1Tenda G1 Firmware
Timeline
PublishedAug 14

Description

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDtenda/g1_firmware16.01.7.8\(3660\)
CVEListV5tenda/g116.01.7.8(3660)

🔴Vulnerability Details

2
CVEList
Tenda G1 Firmware Update check_upload_file data authenticity2025-08-14
GHSA
GHSA-mq67-q3fx-f62h: A vulnerability has been found in Tenda G1 162025-08-14
CVE-2025-8980 (MEDIUM CVSS 6.6) | A vulnerability has been found in T | cvebase.io