CVE-2025-8980

Severity CVSS v4.0:

MEDIUM

Type:

CWE-345 Insufficient Verification of Data Authenticity

Publication date:

14/08/2025

Last modified:

18/08/2025

Description

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P CVSS v4.0 Severity and Metrics:

Base Score: 6.60 MEDIUM
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Attack Vector (AV): Network
Attack Complexity (AC): High
Attack Requirements (AT): None
Privileges Required (PR): High
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None
Exploit Maturity (E): POC

Base Score 4.0

6.60

Severity 4.0

MEDIUM

Vector 3.x

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 6.60 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

6.60

Severity 3.x

MEDIUM

Vector 2.0

AV:N/AC:H/Au:M/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 6.80 MEDIUM
Vector: AV:N/AC:H/Au:M/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): High
Authentication (Au): Multiple
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete