CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-45343: An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the...

Description

An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.

Classification

CVE ID: CVE-2025-45343

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 22.84% (scored less or equal to compared to others)

EPSS Date: 2025-06-18 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: total

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2025-45343
https://www.tenda.com.cn/
http://w18e.com
https://gist.github.com/isstabber/b363d47966965e5c0a8ec26d445e090b

Timeline

2025-05-28 16:40:20 UTC
CVE

An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the...