cnvd - cnvd-2025-21171

CNVD-2025-21171

Vulnerability from cnvd - Published: 2025-09-12

Title

Tenda CP6加密问题漏洞

Description

Tenda CP6是中国腾达（Tenda）公司的一款智能摄像机。 Tenda CP6 11.10.00.243版本存在加密问题漏洞，该漏洞源于组件uhttp中函数sub_2B7D04使用风险加密算法。攻击者可利用该漏洞导致完整性受影响。

Severity

低

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.tenda.com.cn/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-9828

Impacted products

Name
Tenda CP6 11.10.00.243

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-9828",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-9828"
    }
  },
  "description": "Tenda CP6\u662f\u4e2d\u56fd\u817e\u8fbe\uff08Tenda\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u6444\u50cf\u673a\u3002\n\nTenda CP6 11.10.00.243\u7248\u672c\u5b58\u5728\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7ec4\u4ef6uhttp\u4e2d\u51fd\u6570sub_2B7D04\u4f7f\u7528\u98ce\u9669\u52a0\u5bc6\u7b97\u6cd5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5b8c\u6574\u6027\u53d7\u5f71\u54cd\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.tenda.com.cn/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-21171",
  "openTime": "2025-09-12",
  "products": {
    "product": "Tenda CP6 11.10.00.243"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-9828",
  "serverity": "\u4f4e",
  "submitTime": "2025-09-04",
  "title": "Tenda CP6\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2025-9828 (GCVE-0-2025-9828)

Vulnerability from cvelistv5 – Published: 2025-09-02 17:02 – Updated: 2025-09-02 20:35

Title

Tenda CP6 uhttp sub_2B7D04 risky encryption

Summary

A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized.

Severity ?

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

3.7 (Low)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

CWE

CWE-327 - Risky Cryptographic Algorithm
CWE-310 - Cryptographic Issues

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.322175	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.322175	signaturepermissions-required
	https://vuldb.com/?submit.641566	third-party-advisory
	https://github.com/IOTRes/IOT_Firmware_Update/blo…	exploitpatch
	https://www.tenda.com.cn/	product

Impacted products

	Vendor	Product	Version
	Tenda	CP6	Affected: 11.10.00.243

Credits

IOT_Res (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9828",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T20:35:40.528698Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T20:35:45.362Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "uhttp"
          ],
          "product": "CP6",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "11.10.00.243"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "IOT_Res (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized."
        },
        {
          "lang": "de",
          "value": "In Tenda CP6 11.10.00.243 ist eine Schwachstelle entdeckt worden. Es geht hierbei um die Funktion sub_2B7D04 der Komponente uhttp. Durch das Manipulieren mit unbekannten Daten kann eine risky cryptographic algorithm-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "Cryptographic Issues",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-02T17:02:08.742Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-322175 | Tenda CP6 uhttp sub_2B7D04 risky encryption",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.322175"
        },
        {
          "name": "VDB-322175 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.322175"
        },
        {
          "name": "Submit #641566 | Tenda CP6 V11.10.00.243 CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.641566"
        },
        {
          "tags": [
            "exploit",
            "patch"
          ],
          "url": "https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/CP6.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-02T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-02T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-02T14:25:23.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda CP6 uhttp sub_2B7D04 risky encryption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9828",
    "datePublished": "2025-09-02T17:02:08.742Z",
    "dateReserved": "2025-09-02T12:20:19.714Z",
    "dateUpdated": "2025-09-02T20:35:45.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-21171

CVE-2025-9828 (GCVE-0-2025-9828)

Tags

Sightings

Nomenclature