High-severity command injection vulnerabilities (CVE-2025-13207 and CVE-2024-24481, CVSS 8.8) have been discovered in Tenda’s **N300 Wi-Fi 4G LTE Router** and **4G03 Pro model**, affecting firmware versions up to **v04.03.01.44** and **v04.03.01.14**, respectively. Authenticated attackers can exploit these flaws via crafted HTTP requests (TCP ports **80** or **7329**) to execute **arbitrary commands with root privileges**, granting full control over the device. This enables interception of network traffic, router configuration manipulation, persistent backdoor establishment, or pivoting attacks into connected networks.No vendor patches or mitigations are available, leaving users exposed. The vulnerabilities stem from improper input handling in internal service functions, discovered via firmware reverse engineering. Successful exploitation risks **complete device compromise**, turning routers into attack launchpads for broader network infiltration. Security experts urge users to **discontinue use** or deploy alternative solutions to prevent potential breaches, data interception, or lateral movement by threat actors. The lack of fixes exacerbates risks for individuals and organizations relying on these devices for mobile or temporary networking.
Source: https://cyberpress.org/tenda-n300-vulnerabilities/
Tenda India cybersecurity rating report: https://www.rankiteo.com/company/tenda-india
"id": "TEN4022640112425",
"linkid": "tenda-india",
"type": "Vulnerability",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Networking Hardware',
'name': 'Tenda Technology',
'type': 'Manufacturer'},
{'location': 'Global',
'name': 'End Users',
'type': 'Consumers/Organizations'}],
'attack_vector': ['Network',
'Authenticated HTTP Request (TCP Port 80)',
'Crafted Network Request (TCP Port 7329)'],
'customer_advisories': ['Users advised to discontinue use of affected '
'devices'],
'description': 'High-severity command injection vulnerabilities have been '
'discovered in Tenda’s N300 Wi-Fi 4G LTE Router and the 4G03 '
'Pro model, enabling authenticated attackers to execute '
'arbitrary commands with root privileges on affected devices. '
'With no patches currently available from the manufacturer, '
'security experts are urging users to consider alternative '
'solutions to protect their networks from potential '
'compromise.\n'
'\n'
'The vulnerabilities (CVE-2025-13207 and CVE-2024-24481) stem '
'from improper handling of attacker-controlled input within '
'the router’s internal service functions. Both carry a CVSS '
'score of 8.8 (High). Successful exploitation grants attackers '
'full control over the device, allowing them to intercept '
'traffic, modify configurations, establish backdoors, or pivot '
'to further attacks. No vendor-supplied patches or mitigations '
'exist at this time.',
'impact': {'brand_reputation_impact': ['Potential loss of trust due to '
'unpatched critical vulnerabilities'],
'operational_impact': ['Potential network traffic interception',
'Router configuration modification',
'Persistent backdoor establishment',
'Pivoting for further attacks on connected '
'networks'],
'systems_affected': ['Tenda N300 Wi-Fi 4G LTE Router',
'Tenda 4G03 Pro Model']},
'investigation_status': 'Ongoing (No patches available; vulnerabilities '
'publicly disclosed)',
'lessons_learned': ['Critical vulnerabilities in widely used networking '
'devices can expose users to severe risks if left '
'unpatched.',
'Lack of vendor response to disclosed vulnerabilities '
'underscores the importance of proactive security '
'measures by end-users.',
'Reverse engineering of firmware can reveal hidden flaws '
'in embedded systems.'],
'post_incident_analysis': {'corrective_actions': ['Vendor must release '
'security patches for all '
'affected firmware '
'versions.',
'Implement secure coding '
'standards for embedded '
'device firmware.',
'Establish a vulnerability '
'disclosure and patch '
'management process.'],
'root_causes': ['Improper input validation in '
'router’s internal service '
'functions (/usr/sbin/httpd and '
'web interface).',
'Lack of secure coding practices '
'for handling attacker-controlled '
'input.',
'Inadequate firmware update '
'mechanisms to address critical '
'vulnerabilities.']},
'recommendations': ['Discontinue use of affected Tenda N300 and 4G03 Pro '
'devices until official patches are released.',
'Deploy alternative networking solutions with active '
'security support.',
'Monitor for unusual network traffic or unauthorized '
'configuration changes on affected devices.',
'Implement network segmentation to limit exposure if '
'continued use is unavoidable.',
'Pressure vendors to prioritize security updates for '
'embedded systems.'],
'references': [{'source': 'CERT Coordination Center (CERT/CC)'},
{'source': 'Security Researcher Disclosures (CVE-2025-13207, '
'CVE-2024-24481)'}],
'response': {'communication_strategy': ['Public disclosure of vulnerabilities',
'Advisories from CERT/CC'],
'containment_measures': ['Users advised to discontinue use until '
'patches are available',
'Consider alternative networking '
'solutions'],
'third_party_assistance': ['Security Researchers',
'CERT Coordination Center']},
'stakeholder_advisories': ['CERT/CC advisory on Tenda vulnerabilities'],
'title': 'High-Severity Command Injection Vulnerabilities in Tenda N300 Wi-Fi '
'4G LTE Router and 4G03 Pro Model',
'type': ['Vulnerability', 'Command Injection'],
'vulnerability_exploited': [{'affected_products': ['Tenda N300 4G03 Pro '
'(Firmware v04.03.01.44 '
'and earlier)'],
'cve_id': 'CVE-2025-13207',
'cvss_score': 8.8,
'cvss_severity': 'High',
'exploitation_details': 'Manipulating arguments '
'passed to a function '
'within the '
'/usr/sbin/httpd service '
'via authenticated HTTP '
'request to TCP port 80.',
'vulnerability_type': 'Command Injection'},
{'affected_products': ['Tenda N300 4G03 Pro '
'(Firmware v04.03.01.14 '
'and earlier)'],
'cve_id': 'CVE-2024-24481',
'cvss_score': 8.8,
'cvss_severity': 'High',
'exploitation_details': 'Improper input handling '
'within a web '
'interface-accessible '
'function via crafted '
'network request to TCP '
'port 7329.',
'vulnerability_type': 'Command Injection'}]}