How the CVE Works
CVE-2025-5900 is a CSRF vulnerability in Tenda AC9 firmware version 15.03.02.13. The flaw allows an attacker to trick an authenticated user into executing unintended actions on the router’s web interface. Because the interface enforces neither anti-CSRF tokens nor Referer checks, a malicious webpage can forge HTTP requests that alter router settings (e.g., DNS, admin credentials) without the user’s consent. The attack is remote and requires only that a logged-in admin visit a crafted site.
DailyCVE Form
Platform: Tenda AC9
Version: 15.03.02.13
Vulnerability: CSRF
Severity: Medium
Date: 06/16/2025
Prediction: Patch by 09/2025
What Undercode Say
Analytics:
nmap -p 80,443 <router_ip>
curl -X POST -d "malicious_payload" http://<router_ip>/apply.cgi
Exploit:
- Crafted HTML form triggering unauthorized router config changes.
- Example payload:
<img src="https://<router_ip>/set_dns?dns=attacker_dns">
Protection from this CVE:
- Deploy firmware update (when patched).
- Enable CSRF tokens.
- Restrict admin interface access.
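The missing controls described above (no anti-CSRF token, no Origin/Referer check, settings changed by a bare GET) are what a hardened admin interface has to add. The following is an added illustration written for this post, not Tenda firmware code: a request gate that rejects the forged `<img src=...>` style request and accepts only a same-origin POST carrying a valid per-session token. The trusted host names, the `csrf_token` form field and the request dictionary layout are assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hosts under which the router's admin UI is legitimately served
# (constructed for this example; a real device uses its configured LAN address).
TRUSTED_HOSTS = {"192.168.0.1", "tendawifi.com"}

# Per-session anti-CSRF tokens, keyed by session id (in-memory stand-in for session storage).
SESSION_TOKENS = {}


def issue_token(session_id):
    """Create a random token for a session; the UI embeds it in every state-changing form."""
    token = secrets.token_hex(16)
    SESSION_TOKENS[session_id] = token
    return token


def source_is_trusted(headers):
    """Reject cross-site requests: the Origin (or, failing that, Referer) host must be the router."""
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        return False  # no provenance at all: refuse to change settings
    return urlsplit(origin).hostname in TRUSTED_HOSTS


def is_state_change_allowed(request):
    """Gate a settings change on method, same-origin source and a valid session token.

    request is a dict with keys: method, headers (dict), form (dict), session_id.
    A forged <img src=...> request fails the first check: it is a GET carrying no token.
    """
    if request["method"] != "POST":
        return False
    if not source_is_trusted(request["headers"]):
        return False
    expected = SESSION_TOKENS.get(request["session_id"])
    if expected is None:
        return False
    supplied = request["form"].get("csrf_token", "")
    # constant-time comparison so the token cannot be recovered byte by byte via timing
    return hmac.compare_digest(expected.encode(), supplied.encode())


if __name__ == "__main__":
    tok = issue_token("sess-1")
    forged = {"method": "GET", "headers": {"Referer": "http://attacker.example/"},
              "form": {"dns": "attacker_dns"}, "session_id": "sess-1"}
    legit = {"method": "POST", "headers": {"Origin": "http://192.168.0.1"},
             "form": {"dns": "1.1.1.1", "csrf_token": tok}, "session_id": "sess-1"}
    print(is_state_change_allowed(forged), is_state_change_allowed(legit))
```

Note that the Origin/Referer check alone is not enough when the router is reached by an address outside the trusted set (a changed LAN IP, for instance), which is why the token check is kept as the second, independent gate.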
Impact:
- Unauthorized router configuration.
- Potential MITM attacks.
- Credential hijacking.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode