Home

Description

A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited.

PUBLISHED Reserved 2025-12-13 | Published 2025-12-13 | Updated 2025-12-13 | Assigner VulDB




MEDIUM: 6.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
LOW: 3.7CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2.6AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Problem types

Use of Weak Hash

Risky Cryptographic Algorithm

Product status

22.03.01.46
affected

Timeline

2025-12-13:Advisory disclosed
2025-12-13:VulDB entry created
2025-12-13:VulDB entry last update

Credits

IOT_Res (VulDB User) reporter

References

vuldb.com/?id.336361 (VDB-336361 | Tenda AX9 httpd image_check weak hash) vdb-entry technical-description

vuldb.com/?ctiid.336361 (VDB-336361 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.707213 (Submit #707213 | Tenda AX9 V22.03.01.46 CWE-327 Use of a Broken or Risky Cryptographic Algorithm) third-party-advisory

github.com/...OT_Firmware_Update/blob/main/Tenda/AX9_Inte.md exploit patch

www.tenda.com.cn/ product

cve.org (CVE-2025-14636)

nvd.nist.gov (CVE-2025-14636)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.