Saturday, February 14, 2026

Tenda N300 Vulnerabilities Allow Remote Attackers To Execute Commands As Root

Remote attackers can seize complete control of popular Tenda routers through serious command injection flaws, security researchers warn.

Affecting the Tenda N300 series and Tenda 4G03 Pro portable 4G LTE devices, these vulnerabilities let authenticated users run any command as the powerful “root” superuser.

Discovered via firmware reverse engineering, the issues hit multiple firmware versions with no patches available yet, leaving millions of users exposed.

The Tenda 4G03 Pro acts as a plug-and-play router for on-the-go internet. Users insert a SIM card for global mobile data access.

But flaws in its software leave the door open to attacks.

Technical Breakdown Of The Flaws

Two main CVEs highlight the problems. CVE-2025-13207 targets firmware up to v04.03.01.44.

Attackers craft an authenticated HTTP request to the device’s web server on TCP port 80. This manipulates arguments in the /usr/sbin/httpd service, injecting commands that run as root.

CVE-2024-24481 strikes firmware up to v04.03.01.14. Here, poor input handling in a web interface function sets the stage.

An authenticated user triggers it, then sends a malicious request to TCP port 7329. The result is command execution, and the issue is distinct from the older CVE-2023-2649.

Both stem from unfiltered user input reaching system functions. Reverse engineering exposed them; there are no public exploits yet, but the path is clear for skilled hackers.

| CVE ID | Affected Firmware | Attack Vector | Port(s) |
|---|---|---|---|
| CVE-2025-13207 | ≤ v04.03.01.44 | HTTP to /usr/sbin/httpd | 80 |
| CVE-2024-24481 | ≤ v04.03.01.14 | Web interface + network request | 80, 7329 |
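
A triage sketch for the firmware ceilings and ports listed above, added here as an example and not taken from the advisory or the researchers: it flags inventory records whose firmware falls in an affected range and notes whether the ports named for each CVE are reachable. The inventory record layout, device names and status labels are assumptions, and the sample records are constructed.

```python
import re
from typing import NamedTuple

class Advisory(NamedTuple):
    cve: str
    max_affected: tuple   # highest affected firmware version, inclusive
    ports: frozenset      # TCP ports the article names for this flaw

# Version ceilings and ports as listed in the article.
ADVISORIES = (
    Advisory("CVE-2025-13207", (4, 3, 1, 44), frozenset({80})),
    Advisory("CVE-2024-24481", (4, 3, 1, 14), frozenset({80, 7329})),
)

def parse_version(text):
    """Turn 'v04.03.01.44' into (4, 3, 1, 44); return None if malformed."""
    m = re.fullmatch(r"[vV]?(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def triage(device):
    """Return (cve, status) pairs for one inventory record (assumed layout)."""
    version = parse_version(device.get("firmware", ""))
    open_ports = set(device.get("open_tcp", ()))
    findings = []
    for adv in ADVISORIES:
        if version is None:
            status = "unknown-version"      # cannot be ruled out, review by hand
        elif version > adv.max_affected:
            continue                        # above the range the article lists
        elif adv.ports <= open_ports:
            status = "affected-reachable"   # every port the flaw needs is open
        else:
            status = "affected-filtered"    # vulnerable build, ports not exposed
        findings.append((adv.cve, status))
    return findings

# Constructed sample inventory; open_tcp is what your own scan of the device saw.
INVENTORY = [
    {"name": "hotspot-a", "firmware": "v04.03.01.44", "open_tcp": [80]},
    {"name": "hotspot-b", "firmware": "V04.03.01.10", "open_tcp": [80, 7329]},
    {"name": "hotspot-c", "firmware": "v04.03.01.14", "open_tcp": []},
    {"name": "hotspot-d", "firmware": "custom-build", "open_tcp": [80]},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        for cve, status in triage(dev):
            print(f"{dev['name']:10} {dev['firmware']:14} {cve:15} {status}")
```

With no vendor fix available, "affected-filtered" records are still vulnerable builds; the label only records that the named ports were not reachable from where the scan ran.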

Real-World Risks and Urgent Fixes

Exploitation grants total device takeover. Attackers could spy on traffic, steal credentials, pivot to home networks, or install malware.

In security-sensitive spots like travel or remote work, this turns a handy gadget into a hacker’s gateway.

CERT/CC Vulnerability Note VU#268029, published November 20, 2025, confirms no vendor fixes. Tenda’s status remains “unknown.”

Researchers Ax, Marisa Middler, and Timur Snoke are credited with the find. Switch to another router if possible; secured 4G hotspots abound.

Varshini
Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.
