Tenda TDSEE App har 1.7.12 Password Reset Confirmation Code /app/ConfirmSmsCode Bayani fitowa

Gaskiya vulnerability da aka ware a matsayin karshewa an samu a Tenda TDSEE App har 1.7.12. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /app/ConfirmSmsCode, a cikin sashen Password Reset Confirmation Code Handler. A sa manipulation ka Bayani fitowa. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-307. Hakika, rauni an bayyana shi 06/08/2025. An raba bayanin tsaro don saukewa a blog.kevgen.ru. Wannan matsala ana saninta da CVE-2025-5864. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $0-$5k. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a faggata. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

5 Goyarwa · 105 Datenpunkte

FurɗeSúgá
06/08/2025 15:35		Gargadi 1/4
06/08/2025 19:25		Gargadi 2/4
06/08/2025 19:28		Gargadi 3/4
06/09/2025 09:07		Gargadi 4/4
06/09/2025 10:02
software_vendorTendaTendaTendaTendaTenda
software_nameTDSEE AppTDSEE AppTDSEE AppTDSEE AppTDSEE App
software_version<=1.7.12<=1.7.12<=1.7.12<=1.7.12<=1.7.12
software_componentPassword Reset Confirmation Code HandlerPassword Reset Confirmation Code HandlerPassword Reset Confirmation Code HandlerPassword Reset Confirmation Code HandlerPassword Reset Confirmation Code Handler
software_file/app/ConfirmSmsCode/app/ConfirmSmsCode/app/ConfirmSmsCode/app/ConfirmSmsCode/app/ConfirmSmsCode
vulnerability_cweCWE-307 (Bayani fitowa)CWE-307 (Bayani fitowa)CWE-307 (Bayani fitowa)CWE-307 (Bayani fitowa)CWE-307 (Bayani fitowa)
vulnerability_risk11111
cvss3_vuldb_avNNNNN
cvss3_vuldb_acHHHHH
cvss3_vuldb_prNNNNN
cvss3_vuldb_uiNNNNN
cvss3_vuldb_sUUUUU
cvss3_vuldb_cLLLLL
cvss3_vuldb_iNNNNN
cvss3_vuldb_aNNNNN
cvss3_vuldb_ePPPPP
cvss3_vuldb_rlOOOOO
cvss3_vuldb_rcCCCCC
advisory_urlhttps://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/
exploit_availability11111
exploit_publicity11111
exploit_urlhttps://github.com/k3vg3n/researches/blob/main/Account_takeover_in_TDSEE_app.mdhttps://github.com/k3vg3n/researches/blob/main/Account_takeover_in_TDSEE_app.mdhttps://github.com/k3vg3n/researches/blob/main/Account_takeover_in_TDSEE_app.mdhttps://github.com/k3vg3n/researches/blob/main/Account_takeover_in_TDSEE_app.mdhttps://github.com/k3vg3n/researches/blob/main/Account_takeover_in_TDSEE_app.md
countermeasure_nameGargajiyaGargajiyaGargajiyaGargajiyaGargajiya
upgrade_version1.7.151.7.151.7.151.7.151.7.15
source_cveCVE-2025-5864CVE-2025-5864CVE-2025-5864CVE-2025-5864CVE-2025-5864
cna_responsibleVulDBVulDBVulDBVulDBVulDB
software_typeRouter Operating SystemNetwork Camera SoftwareNetwork Camera SoftwareNetwork Camera SoftwareNetwork Camera Software
cvss2_vuldb_avNNNNN
cvss2_vuldb_acHHHHH
cvss2_vuldb_auNNNNN
cvss2_vuldb_ciPPPPP
cvss2_vuldb_iiNNNNN
cvss2_vuldb_aiNNNNN
cvss2_vuldb_ePOCPOCPOCPOCPOC
cvss2_vuldb_rcCCCCC
cvss2_vuldb_rlOFOFOFOFOF
cvss4_vuldb_avNNNNN
cvss4_vuldb_acHHHHH
cvss4_vuldb_prNNNNN
cvss4_vuldb_uiNNNNN
cvss4_vuldb_vcLLLLL
cvss4_vuldb_viNNNNN
cvss4_vuldb_vaNNNNN
cvss4_vuldb_ePPPPP
cvss4_vuldb_atNNNNN
cvss4_vuldb_scNNNNN
cvss4_vuldb_siNNNNN
cvss4_vuldb_saNNNNN
cvss2_vuldb_basescore2.62.62.62.62.6
cvss2_vuldb_tempscore2.02.02.02.02.0
cvss3_vuldb_basescore3.73.73.73.73.7
cvss3_vuldb_tempscore3.43.43.43.43.4
cvss3_meta_basescore3.73.75.54.94.9
cvss3_meta_tempscore3.43.45.24.74.7
cvss4_vuldb_bscore6.36.36.36.36.3
cvss4_vuldb_btscore2.92.92.92.92.9
advisory_date1749333600 (06/08/2025)1749333600 (06/08/2025)1749333600 (06/08/2025)1749333600 (06/08/2025)1749333600 (06/08/2025)
price_0day$0-$5k$0-$5k$0-$5k$0-$5k$0-$5k
cvss3_researcher_iHHHH
cvss3_researcher_aNNNN
cvss3_researcher_rcXXXX
cvss3_researcher_cHHHH
cvss3_researcher_uiNNNN
cvss3_researcher_acHHHH
cvss3_researcher_rlOOOO
cvss3_researcher_avNNNN
cvss3_researcher_prNNNN
cvss3_researcher_eXXXX
cvss3_researcher_sUUUU
cvss3_researcher_basescore7.47.47.4
cve_nvd_summaryA vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component.A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component.
cvss4_cna_avNN
cvss4_cna_acHH
cvss4_cna_atNN
cvss4_cna_prNN
cvss4_cna_uiNN
cvss4_cna_vcLL
cvss4_cna_viNN
cvss4_cna_vaNN
cvss4_cna_scNN
cvss4_cna_siNN
cvss4_cna_saNN
cvss4_cna_bscore6.36.3
cvss3_cna_avNN
cvss3_cna_acHH
cvss3_cna_prNN
cvss3_cna_uiNN
cvss3_cna_sUU
cvss3_cna_cLL
cvss3_cna_iNN
cvss3_cna_aNN
cvss3_cna_basescore3.73.7
cvss2_cna_avNN
cvss2_cna_acHH
cvss2_cna_auNN
cvss2_cna_ciPP
cvss2_cna_iiNN
cvss2_cna_aiNN
cvss2_cna_basescore2.62.6
euvd_idEUVD-2025-17432

GurɗoGumtiGada

Want to stay up to date on a daily basis?

Enable the mail alert feature now!