CVE-2025-57639 | THREATINT

Description

OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd file.

PUBLISHED Reserved 2025-08-17 | Published 2025-09-23 | Updated 2025-09-24 | Assigner mitre

References

github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda2.md

cve.org (CVE-2025-57639)

nvd.nist.gov (CVE-2025-57639)

Download JSON