Tenda TDSEE App up to 1.7.12 Password Reset Confirmation Code /app/ConfirmSmsCode information disclosure

A vulnerability classified as problematic has been found in Tenda TDSEE App up to 1.7.12. Affected is an unknown function of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to information disclosure. Using CWE to describe the issue leads to CWE-307. The weakness was disclosed on 06/08/2025. The advisory is available at blog.kevgen.ru. This vulnerability is tracked as CVE-2025-5864. The attack can be launched remotely. Technical details are available. Furthermore, an exploit is available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k. It is declared as proof-of-concept. The exploit can be downloaded from github.com. As a 0-day, the estimated underground price was around $0-$5k. It is recommended to upgrade the affected component.

5 adaptations · 105 points

| Field | Created (06/08/2025 03:35 PM) | Update 1/4 (06/08/2025 07:25 PM) | Update 2/4 (06/08/2025 07:28 PM) | Update 3/4 (06/09/2025 09:07 AM) | Update 4/4 (06/09/2025 10:02 AM) |
| --- | --- | --- | --- | --- | --- |
| software_vendor | Tenda | Tenda | Tenda | Tenda | Tenda |
| software_name | TDSEE App | TDSEE App | TDSEE App | TDSEE App | TDSEE App |
| software_version | <=1.7.12 | <=1.7.12 | <=1.7.12 | <=1.7.12 | <=1.7.12 |
| software_component | Password Reset Confirmation Code Handler | Password Reset Confirmation Code Handler | Password Reset Confirmation Code Handler | Password Reset Confirmation Code Handler | Password Reset Confirmation Code Handler |
| software_file | /app/ConfirmSmsCode | /app/ConfirmSmsCode | /app/ConfirmSmsCode | /app/ConfirmSmsCode | /app/ConfirmSmsCode |
| vulnerability_cwe | CWE-307 (information disclosure) | CWE-307 (information disclosure) | CWE-307 (information disclosure) | CWE-307 (information disclosure) | CWE-307 (information disclosure) |
| vulnerability_risk | 1 | 1 | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N | N | N |
| cvss3_vuldb_ac | H | H | H | H | H |
| cvss3_vuldb_pr | N | N | N | N | N |
| cvss3_vuldb_ui | N | N | N | N | N |
| cvss3_vuldb_s | U | U | U | U | U |
| cvss3_vuldb_c | L | L | L | L | L |
| cvss3_vuldb_i | N | N | N | N | N |
| cvss3_vuldb_a | N | N | N | N | N |
| cvss3_vuldb_e | P | P | P | P | P |
| cvss3_vuldb_rl | O | O | O | O | O |
| cvss3_vuldb_rc | C | C | C | C | C |
| advisory_url | https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/ | https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/ | https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/ | https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/ | https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/ |
| exploit_availability | 1 | 1 | 1 | 1 | 1 |
| exploit_publicity | 1 | 1 | 1 | 1 | 1 |
| exploit_url | https://github.com/k3vg3n/researches/blob/main/Account_takeover_in_TDSEE_app.md | https://github.com/k3vg3n/researches/blob/main/Account_takeover_in_TDSEE_app.md | https://github.com/k3vg3n/researches/blob/main/Account_takeover_in_TDSEE_app.md | https://github.com/k3vg3n/researches/blob/main/Account_takeover_in_TDSEE_app.md | https://github.com/k3vg3n/researches/blob/main/Account_takeover_in_TDSEE_app.md |
| countermeasure_name | Upgrade | Upgrade | Upgrade | Upgrade | Upgrade |
| upgrade_version | 1.7.15 | 1.7.15 | 1.7.15 | 1.7.15 | 1.7.15 |
| source_cve | CVE-2025-5864 | CVE-2025-5864 | CVE-2025-5864 | CVE-2025-5864 | CVE-2025-5864 |
| cna_responsible | VulDB | VulDB | VulDB | VulDB | VulDB |
| software_type | Router Operating System | Network Camera Software | Network Camera Software | Network Camera Software | Network Camera Software |
| cvss2_vuldb_av | N | N | N | N | N |
| cvss2_vuldb_ac | H | H | H | H | H |
| cvss2_vuldb_au | N | N | N | N | N |
| cvss2_vuldb_ci | P | P | P | P | P |
| cvss2_vuldb_ii | N | N | N | N | N |
| cvss2_vuldb_ai | N | N | N | N | N |
| cvss2_vuldb_e | POC | POC | POC | POC | POC |
| cvss2_vuldb_rc | C | C | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF | OF | OF |
| cvss4_vuldb_av | N | N | N | N | N |
| cvss4_vuldb_ac | H | H | H | H | H |
| cvss4_vuldb_pr | N | N | N | N | N |
| cvss4_vuldb_ui | N | N | N | N | N |
| cvss4_vuldb_vc | L | L | L | L | L |
| cvss4_vuldb_vi | N | N | N | N | N |
| cvss4_vuldb_va | N | N | N | N | N |
| cvss4_vuldb_e | P | P | P | P | P |
| cvss4_vuldb_at | N | N | N | N | N |
| cvss4_vuldb_sc | N | N | N | N | N |
| cvss4_vuldb_si | N | N | N | N | N |
| cvss4_vuldb_sa | N | N | N | N | N |
| cvss2_vuldb_basescore | 2.6 | 2.6 | 2.6 | 2.6 | 2.6 |
| cvss2_vuldb_tempscore | 2.0 | 2.0 | 2.0 | 2.0 | 2.0 |
| cvss3_vuldb_basescore | 3.7 | 3.7 | 3.7 | 3.7 | 3.7 |
| cvss3_vuldb_tempscore | 3.4 | 3.4 | 3.4 | 3.4 | 3.4 |
| cvss3_meta_basescore | 3.7 | 3.7 | 5.5 | 4.9 | 4.9 |
| cvss3_meta_tempscore | 3.4 | 3.4 | 5.2 | 4.7 | 4.7 |
| cvss4_vuldb_bscore | 6.3 | 6.3 | 6.3 | 6.3 | 6.3 |
| cvss4_vuldb_btscore | 2.9 | 2.9 | 2.9 | 2.9 | 2.9 |
| advisory_date | 1749333600 (06/08/2025) | 1749333600 (06/08/2025) | 1749333600 (06/08/2025) | 1749333600 (06/08/2025) | 1749333600 (06/08/2025) |
| price_0day | $0-$5k | $0-$5k | $0-$5k | $0-$5k | $0-$5k |
| cvss3_researcher_i | | H | H | H | H |
| cvss3_researcher_a | | N | N | N | N |
| cvss3_researcher_rc | | X | X | X | X |
| cvss3_researcher_c | | H | H | H | H |
| cvss3_researcher_ui | | N | N | N | N |
| cvss3_researcher_ac | | H | H | H | H |
| cvss3_researcher_rl | | O | O | O | O |
| cvss3_researcher_av | | N | N | N | N |
| cvss3_researcher_pr | | N | N | N | N |
| cvss3_researcher_e | | X | X | X | X |
| cvss3_researcher_s | | U | U | U | U |
| cvss3_researcher_basescore | | | 7.4 | 7.4 | 7.4 |
| cve_nvd_summary | | | | A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component. | A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component. |
| cvss4_cna_av | | | | N | N |
| cvss4_cna_ac | | | | H | H |
| cvss4_cna_at | | | | N | N |
| cvss4_cna_pr | | | | N | N |
| cvss4_cna_ui | | | | N | N |
| cvss4_cna_vc | | | | L | L |
| cvss4_cna_vi | | | | N | N |
| cvss4_cna_va | | | | N | N |
| cvss4_cna_sc | | | | N | N |
| cvss4_cna_si | | | | N | N |
| cvss4_cna_sa | | | | N | N |
| cvss4_cna_bscore | | | | 6.3 | 6.3 |
| cvss3_cna_av | | | | N | N |
| cvss3_cna_ac | | | | H | H |
| cvss3_cna_pr | | | | N | N |
| cvss3_cna_ui | | | | N | N |
| cvss3_cna_s | | | | U | U |
| cvss3_cna_c | | | | L | L |
| cvss3_cna_i | | | | N | N |
| cvss3_cna_a | | | | N | N |
| cvss3_cna_basescore | | | | 3.7 | 3.7 |
| cvss2_cna_av | | | | N | N |
| cvss2_cna_ac | | | | H | H |
| cvss2_cna_au | | | | N | N |
| cvss2_cna_ci | | | | P | P |
| cvss2_cna_ii | | | | N | N |
| cvss2_cna_ai | | | | N | N |
| cvss2_cna_basescore | | | | 2.6 | 2.6 |
| euvd_id | | | | | EUVD-2025-17432 |
