CNNVD-202512-4022 Information
Dec 23, 2025
cve
CNNVD ID
CNNVD-202512-4022
Related CVE
- CNNVD Published: 2025-12-23
Description (Chinese)
Tenda WH450是中国腾达(Tenda)公司的一款无线接入点。 Tenda WH450 1.0.0.18版本存在命令注入漏洞,该漏洞源于对组件HTTP Request Handler的文件/goform/CheckTools中参数ipaddress的错误操作,可能导致命令注入。
Description (English)
Tenda WH450 is a wireless access point for Tenda, China. Version Tenda WH450 1.0.0.18 contains a command-injecting loophole, which results from an error in the parameter ipadress in the HTTP Request Handler file/goform/CheckTools, which may lead to the command-injection.
Hazard Level
Medium
Vulnerability Type
命令注入
Affected Vendor
腾达
Published
2025-12-23
Last Modified
2026-02-24
References
https://github.com/z472421519/BinaryAudit/blob/main/PoC/CMD/Tenda_WH450/CheckTools/CheckTools.md#reproduce https://www.tenda.com.cn/ https://vuldb.com/?ctiid.337853 https://vuldb.com/?submit.720885 https://vuldb.com/?id.337853 https://access.redhat.com/security/cve/cve-2025-15048
Share on: