A critical command injection vulnerability (CVE-2025-45042) has been identified in Tenda AC9 routers running firmware version 15.03.05.14, allowing attackers to execute arbitrary commands through the Telnet service. With a CVSS score of 9.8 (Critical), this vulnerability poses significant risk to networks using affected devices, particularly since Tenda routers have a history of similar security issues dating back to 2019.
Vulnerability Overview
The newly discovered CVE-2025-45042 vulnerability enables unauthenticated remote code execution via improper input validation in the Telnet service of Tenda AC9 routers. This follows a pattern of command injection vulnerabilities in Tenda devices, including previous issues in the web interface’s form handlers. According to historical data from NVD and Tenable, over 85% of Tenda router vulnerabilities since 2019 have received Critical severity ratings, with command injection being the most common attack vector.
Affected firmware version 15.03.05.14 lacks proper sanitization of user-supplied input to the Telnet service, allowing attackers to inject operating system commands. This vulnerability is particularly dangerous because successful exploitation doesn’t require authentication, and the injected commands run with root privileges. The discovery comes just weeks after similar vulnerabilities (CVE-2025-45429 and CVE-2024-34943) were reported in other Tenda router models.
Technical Analysis
The vulnerability stems from improper handling of user input in the Telnet service implementation. While exact exploit details haven’t been publicly released, historical Tenda vulnerabilities provide insight into likely attack vectors. Previous command injection flaws in Tenda routers, such as CVE-2019-5071 and CVE-2020-15916, involved similar weaknesses in input validation.
Research from Cisco Talos and GitHub repositories shows that Tenda routers frequently expose dangerous functions through web interfaces (typically under /goform paths) and services like Telnet. The following table summarizes related critical vulnerabilities in Tenda AC series routers:
| CVE ID | Affected Firmware | Vulnerability Type | CVSS Score |
|---|---|---|---|
| CVE-2025-45429 | AC9 V1.0 (15.03.05.14_multi) | Stack overflow in /goform/WifiWpsStart | 9.8 |
| CVE-2024-34943 | FH1206 V1.2.0.8 | Stack overflow in NatStaticSetting | 9.8 |
| CVE-2019-5071 | AC9 V1.0 (15.03.05.16_multi) | Command injection in /goform/WanParameterSetting | 9.8 |
Mitigation and Remediation
Organizations using Tenda AC9 routers should immediately implement the following security measures:
- Disable Telnet service if not required for operations
- Upgrade to the latest firmware version (currently v15.03.06.42)
- Implement network segmentation to isolate routers from sensitive systems
- Monitor for suspicious traffic to router management interfaces
For environments where immediate patching isn’t possible, network access controls should be implemented to restrict access to the router’s management interface. Historical data shows that Tenda routers often remain vulnerable long after fixes are available, with approximately 65% of 2024-2025 CVEs still unpatched in deployed devices according to Tenable reports.
Security Implications
The discovery of CVE-2025-45042 highlights ongoing security challenges with consumer-grade networking equipment in enterprise environments. Successful exploitation could lead to complete network compromise, as routers often serve as gateway devices with access to internal networks. The vulnerability is particularly concerning given Tenda’s market share in small business and home office environments.
This vulnerability follows a broader trend of critical flaws in IoT devices, where security often takes a backseat to functionality and time-to-market. The persistence of command injection vulnerabilities across multiple firmware versions suggests systemic issues in Tenda’s development lifecycle and quality assurance processes.
Conclusion
CVE-2025-45042 represents another critical vulnerability in Tenda’s router product line, continuing a pattern of security issues that began in 2019. Organizations should prioritize patching or replacing affected devices, while security teams should monitor for indicators of compromise. The repeated occurrence of similar vulnerabilities in Tenda devices suggests fundamental security weaknesses that warrant careful consideration when selecting network hardware.
As of May 5, 2025, Tenda has not released an official statement regarding this specific vulnerability. Security professionals should monitor the vendor’s download page for firmware updates and advisories.
References
- “CVE-2025-45429 Detail,” NVD, 2025.
- “CVE-2024-34943,” CVE, 2024.
- “TALOS-2019-0861,” Cisco Talos, 2019.
- “Tenable CVE Database,” Tenable, 2025.
- “Tenda Router Exploit Collection,” GitHub, 2025.
- “Tenda Firmware Downloads,” Tenda Official Site, 2025.
