Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for cp6_firmware by tenda

    CVE-2025-9828 (GCVE-0-2025-9828)

    Vulnerability from nvd – Published: 2025-09-02 17:02 – Updated: 2025-09-02 20:35
    VLAI
    Title
    Tenda CP6 uhttp sub_2B7D04 risky encryption
    Summary
    A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Risky Cryptographic Algorithm
    • CWE-310 - Cryptographic Issues
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.322175 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.322175 signaturepermissions-required
    https://vuldb.com/?submit.641566 third-party-advisory
    https://github.com/IOTRes/IOT_Firmware_Update/blo… exploitpatch
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda CP6 Affected: 11.10.00.243
    Create a notification for this product.
    Credits
    IOT_Res (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9828",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T20:35:40.528698Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-02T20:35:45.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "uhttp"
              ],
              "product": "CP6",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.10.00.243"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "IOT_Res (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized."
            },
            {
              "lang": "de",
              "value": "In Tenda CP6 11.10.00.243 ist eine Schwachstelle entdeckt worden. Es geht hierbei um die Funktion sub_2B7D04 der Komponente uhttp. Durch das Manipulieren mit unbekannten Daten kann eine risky cryptographic algorithm-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "Cryptographic Issues",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-02T17:02:08.742Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-322175 | Tenda CP6 uhttp sub_2B7D04 risky encryption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.322175"
            },
            {
              "name": "VDB-322175 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.322175"
            },
            {
              "name": "Submit #641566 | Tenda CP6 V11.10.00.243 CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.641566"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/CP6.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-02T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-02T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-02T14:25:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda CP6 uhttp sub_2B7D04 risky encryption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9828",
        "datePublished": "2025-09-02T17:02:08.742Z",
        "dateReserved": "2025-09-02T12:20:19.714Z",
        "dateUpdated": "2025-09-02T20:35:45.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9828 (GCVE-0-2025-9828)

    Vulnerability from cvelistv5 – Published: 2025-09-02 17:02 – Updated: 2025-09-02 20:35
    VLAI
    Title
    Tenda CP6 uhttp sub_2B7D04 risky encryption
    Summary
    A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Risky Cryptographic Algorithm
    • CWE-310 - Cryptographic Issues
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.322175 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.322175 signaturepermissions-required
    https://vuldb.com/?submit.641566 third-party-advisory
    https://github.com/IOTRes/IOT_Firmware_Update/blo… exploitpatch
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda CP6 Affected: 11.10.00.243
    Create a notification for this product.
    Credits
    IOT_Res (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9828",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T20:35:40.528698Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-02T20:35:45.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "uhttp"
              ],
              "product": "CP6",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.10.00.243"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "IOT_Res (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized."
            },
            {
              "lang": "de",
              "value": "In Tenda CP6 11.10.00.243 ist eine Schwachstelle entdeckt worden. Es geht hierbei um die Funktion sub_2B7D04 der Komponente uhttp. Durch das Manipulieren mit unbekannten Daten kann eine risky cryptographic algorithm-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "Cryptographic Issues",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-02T17:02:08.742Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-322175 | Tenda CP6 uhttp sub_2B7D04 risky encryption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.322175"
            },
            {
              "name": "VDB-322175 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.322175"
            },
            {
              "name": "Submit #641566 | Tenda CP6 V11.10.00.243 CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.641566"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/CP6.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-02T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-02T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-02T14:25:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda CP6 uhttp sub_2B7D04 risky encryption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9828",
        "datePublished": "2025-09-02T17:02:08.742Z",
        "dateReserved": "2025-09-02T12:20:19.714Z",
        "dateUpdated": "2025-09-02T20:35:45.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }