CVE-2025-45343
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk42th percentile - higher than 42% of all known CVEs
Summary
A vulnerability in Tenda W18E router version 2.0 with firmware 16.01.0.11 allows remote arbitrary code execution. The flaw resides in the account editing functionality within the goform/setmodules route.
Risk Assessment
An attacker can gain full control over the device, compromising network confidentiality and integrity, and potentially using the router as a pivot for further attacks.
Recommendation
Immediately update the Tenda W18E router firmware to the latest available version. If no update is available, restrict administrative panel access to trusted IP addresses only.
Original NVD description (English source)
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.

