CVE-2025-1819 – Tenda AC7 1200M telnet TendaTelnet os command injection

https://notcve.org/view.php?id=CVE-2025-1819

02 Mar 2025 — A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Raining-101/IOT_cve/blob/main/Tenda%20a7%20V15.03.06.44%20Command%20injection.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •