Tenda AX9
CVE-2025-14636
LOW
Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks.
AnalysisAI
Weak cryptographic hashing in the image_check function of Tenda AX9 firmware 22.03.01.46 allows remote attackers to compromise firmware integrity validation without authentication. The vulnerability has a CVSS score of 2.9 (very low severity) and publicly available exploit code exists, but the high attack complexity and difficult exploitability rating indicate practical barriers to successful exploitation. Real-world risk is minimal: while the vulnerability permits information disclosure related to hash values, it does not enable remote code execution or device takeover.
Technical ContextAI
The vulnerability resides in the httpd component of Tenda AX9 firmware, specifically in the image_check function which is responsible for validating firmware image integrity before installation. The root cause is CWE-327: Use of a Broken or Risky Cryptographic Algorithm, meaning the function employs weak hashing mechanisms insufficient for cryptographic security. Attackers who can supply a malicious firmware image can bypass or predict the hash validation, allowing information disclosure about the firmware authentication process. The affected CPE is cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*.
RemediationAI
Tenda users should upgrade to a patched firmware version beyond 22.03.01.46 when available from Tenda's official website (https://www.tenda.com.cn/). Until an official patch is released, the practical mitigation is limited because the vulnerability exists in the firmware itself - firmware upgrades require the vulnerable image_check function to approve the update. As a compensating control, restrict network access to the AX9 device's management interface (typically port 80/443 for httpd) using firewall rules or network segmentation if remote firmware management is not required; this does not fix the weak hashing but prevents remote attackers from triggering the vulnerable code path. Monitor Tenda security advisories for patched firmware versions and deploy immediately upon release.
More in Ax9 Firmware
View allTenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /gofo
Tenda AX9 V22.03.01.46 is vulnerable to command injection. Rated critical severity (CVSS 9.8), this vulnerability is rem
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNe
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVi
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /gofor
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetSt
Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature th
AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today