CVE Catalog

CVE-2025-45343

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.56%

42th percentile - higher than 42% of all known CVEs

Summary

A vulnerability in Tenda W18E router version 2.0 with firmware 16.01.0.11 allows remote arbitrary code execution. The flaw resides in the account editing functionality within the goform/setmodules route.

Risk Assessment

An attacker can gain full control over the device, compromising network confidentiality and integrity, and potentially using the router as a pivot for further attacks.

Recommendation

Immediately update the Tenda W18E router firmware to the latest available version. If no update is available, restrict administrative panel access to trusted IP addresses only.

Original NVD description (English source)

An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS