Primary

Context

Tenda G1 Firmware Update Vulnerability in Data Authenticity Verification

Vulnerability

A vulnerability exists in the Tenda G1 router, specifically in the firmware version 16.01.7.8(3660). The issue arises in the function 'check_upload_file' within the Firmware Update Handler component. This vulnerability is due to inadequate verification of data authenticity during the firmware update process, allowing attackers to upload compromised firmware that could be executed on the device or cause a denial-of-service condition.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the device or cause a denial-of-service condition, disrupting the normal operation of the router.

Reproduction

To reproduce this vulnerability, upload a firmware file that has been modified to include the same hard-coded verification information as the legitimate update. The router's firmware update process will accept the compromised file, bypassing the integrity and authentication checks.

Added: Aug 14, 2025, 8:48 PM

Updated: Aug 14, 2025, 8:48 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda G1 Firmware Update Vulnerability in Data Authenticity Verification

Vulnerability

Impact

Reproduction

Affected Products

Tenda G1

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating