CVE-2025-8980

Published: Aug 14, 2025Modified: Aug 18, 2025

6.6

Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Tenda: G1 Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda G1 Firmware	Version 16.01.7.8(3660)

Running on/with	Platform Versions
Tenda G1	All versions

Related CWEs

Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (7)

https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/G1_Auth.md

Source: cna@vuldb.com

Third Party Advisory

https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/G1_Inte.md

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?ctiid.319976

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?id.319976

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.628605

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.628606

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.tenda.com.cn/

Source: cna@vuldb.com

Product

Timeline

No history available yet.