CVE-2025-9828

A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized.

CVSS v3 3.7 LOW
CVSS v2.0 2.6 LOW

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/CP6.md	Exploit Third Party Advisory
https://vuldb.com/?ctiid.322175	Permissions Required VDB Entry
https://vuldb.com/?id.322175	Third Party Advisory VDB Entry
https://vuldb.com/?submit.641566	Third Party Advisory VDB Entry
https://www.tenda.com.cn/	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tenda:cp6_firmware:11.10.00.243:*:*:*:*:*:*:*

cpe:2.3:h:tenda:cp6:-:*:*:*:*:*:*:*

History

03 Oct 2025, 15:05

Type	Values Removed	Values Added
CPE		cpe:2.3:h:tenda:cp6:-:::::::* cpe:2.3:o:tenda:cp6_firmware:11.10.00.243:::::::*
First Time		Tenda Tenda cp6 Firmware Tenda cp6
References	~~() https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/CP6.md -~~	() https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/CP6.md - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.322175 -~~	() https://vuldb.com/?ctiid.322175 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.322175 -~~	() https://vuldb.com/?id.322175 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.641566 -~~	() https://vuldb.com/?submit.641566 - Third Party Advisory, VDB Entry
References	~~() https://www.tenda.com.cn/ -~~	() https://www.tenda.com.cn/ - Product

02 Sep 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-02 17:15

Updated : 2025-10-03 15:05

NVD link : CVE-2025-9828

Mitre link : CVE-2025-9828

CVE.ORG link : CVE-2025-9828

JSON object : View

Products Affected

tenda

cp6_firmware
cp6

CWE

CWE-310

Cryptographic Issues

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

2.6 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2025-9828

3.7^/10

2.6^/10

Attach tags to `CVE-2025-9828`