Tenda N300 wireless routers and 4G03 Pro portable LTE devices face severe security threats from multiple command injection vulnerabilities that allow attackers to execute arbitrary commands with root privileges.
The affected devices currently lack vendor patches, leaving users vulnerable. The vulnerabilities stem from improper handling of user input within critical service functions on these Tenda devices.
Command Injection Flaws in Tenda N300
According to CERT/CC , Attackers can exploit these flaws through specially crafted HTTP requests to gain complete control over affected routers.
CVE-2025-13207 affects Tenda 4G03 Pro firmware versions up to and including v04.03.01.44.
An authenticated attacker can manipulate arguments passed to functions within the /usr/sbin/httpd service.
| CVE ID | Affected Products | Vulnerability Type | Attack Vector | Impact |
|---|---|---|---|---|
| CVE-2025-13207 | Tenda 4G03 Pro (firmware ≤v04.03.01.44) | Command Injection | Network (HTTP TCP port 80) | Remote Code Execution as root |
| CVE-2024-24481 | Tenda N300 / 4G03 Pro (firmware ≤v04.03.01.14) | Command Injection | Network (TCP port 7329) | Remote Code Execution as root |
By sending a crafted HTTP request to TCP port 80, the attacker can execute arbitrary commands as the root user.
CVE-2024-24481 impacts firmware versions up to v04.03.01.14 and involves improper input handling within an accessible web interface function.
An authenticated attacker can invoke this function and send a crafted network request to TCP port 7329, resulting in command execution.
Carnegie Mellon University researchers note that this issue is distinct from CVE-2023-2649. Successful exploitation grants attackers total control of the affected device.
Once compromised, attackers can modify router configurations, intercept network traffic, deploy malware, or use the device as a central point for further network attacks.
Given that these are network infrastructure devices, the compromise could affect all connected devices and data passing through the router.
Since Tenda has not released patches to address these vulnerabilities, the CERT/CC recommends several mitigation steps.
Users in security-sensitive environments should consider replacing affected devices with alternative routers from other vendors.
If immediate replacement is not possible, minimize the device’s exposure by limiting network access and restricting usage where feasible.
Users should regularly monitor Tenda’s official website and security advisories for potential firmware updates or patches.
The vulnerabilities were publicly disclosed on November 20, 2025, and vendor remediation remains unavailable at this time.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
