IT Consulting, Service and Management

Our decades of implementation and integration experience allow us to deliver best-of-class IT services to our customers.

Security and Endpoint Protection

Defend your networks from active adversaries, ransomware, phishing, malware, and more.

Data Continuity

Backup and recovery services are a necessity for today's modern networks. We can help to determine where and when your data needs to live to be sure it's always available.

Cloud Services

With so many options and implementation scenarios available, let us help you determine how best to use new services available from the cloud.

Technology services dedicated to bridging the gap between technology and your business

Since 1996, our mission has always been to help our clients maximize productivity and efficiency by expertly maintaining existing infrastructures, as well as designing and implementing new technologies, allowing them to continue growing into the future.
  • Knowledgeable and friendly staff
  • Flexible consumption-based pricing models
  • Online strategy and consulting services
  • Decades of experience
Our Services

News, updates, trends and the latest
info you need to know about IT

VU#268029: Tenda N300 Wi-Fi 4G LTE Router 4G03 Pro impacted by vulnerabilities

Overview
A command injection vulnerability exists across multiple firmware versions that allows an attacker to execute arbitrary commands as root on the affected device. Currently, no solution exists to resolve these vulnerabilities in the Tenda N300 series and Tenda 4G03 Pro devices.
Description
Tenda 4G03 Pro is a portable 4G LTE router that is designed to provide flexible internet access. It is a plug-and-play device compatible with mobile operators globally, allowing you to insert a SIM card for ad-hoc internet access. Multiple components within this model of Tenda 4G LTE router are impacted by command injection flaws that stem from improper handling of attacker-controlled input passed to internal service functions.
CVE-2025-13207
In firmware up to and including v04.03.01.44, manipulation of arguments passed to a function within the service /usr/sbin/httpd can be exploited. A crafted, authenticated HTTP request to TCP port 80 can trigger arbitrary command execution.
CVE-2024-24481
In firmware up to and including v04.03.01.14, improper input handling within an accessible function leads to a similar command injection condition. An authenticated attacker can invoke the function through the web interface, after which a crafted network request to TCP port 7329 can result in command execution. This issue is distinct from CVE-2023-2649.
These vulnerabilities were identified through reverse engineering of the firmware. At this time, no fixed firmware is available to address these vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary commands as root on the underlying operating system, giving the attacker total control of the device.
Solution
The CERT/CC is currently unaware of a vendor-supplied patch or mitigation for these vulnerabilities.

Use an alternative device: Because no remediation is currently available, users who rely on this device in security-sensitive environments may consider other devices for such access.
Reduce exposure where possible: If replacement is not immediately feasible, limit usage to reduce risk of abuse.
Monitor for vendor updates: Users should periodically check for firmware updates or advisories from Tenda in case a patch becomes available in the future.

Acknowledgements
Thanks to the reporter Ax for reporting this issue. This document was written by Marisa Middler and Timur Snoke.

Sophos Gold Partner
VistaNet Achieves Sophos Gold Partner Status

VistaNet announces its achievement as an official Sophos Gold Partner, expanding cybersecurity capabilities, advanced firewall and MDR services, and enterprise-grade security offerings to organizations seeking stronger ransomware and threat protection.

VU#553375: Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation

Overview
Wolfram Cloud version 14.2 allows the Java Virtual Machine (JVM) unrestricted access to temporary resources in the /tmp/ directory of the cloud environment, which may result in privilege escalation, information exfiltration, and remote code execution. In the same cloud instance, temporary directories of other users may be accessible.
Description
Wolfram Cloud is a multi-tenant cloud platform that supports a virtual “notebook” interface for easier programming and accessibility to tools for quickly building and publishing integrated applications. In this architecture, the instance kernel /tmp/ directory is shared, but with access permissions. Except for the JVM initialization file, these temporary directories usually do not contain sensitive information. A newly discovered race condition allows attackers to poison the classpath via the shared /tmp/ directory during JVM initialization. If an attacker can approximate when users would be launching the JVM, access to an unprotected temporary directory may be successful.
The cause is the implementation of the virtual environment by the hosting platform which manages access to temporary files in a multi-tenant cloud environment. A successful attack will give the attacker access to the temporary directories of other users.
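The advisory does not publish the mechanism in detail. As a generic illustration of this class of flaw (code loaded from a directory under a shared /tmp/ that another tenant can reach), the following added Python example, which is not Wolfram's code or part of the advisory, audits a directory before it is put on a classpath and shows the atomic, owner-only alternative. The function names and the `jvm-init-` prefix are hypothetical.

```python
# Added example (not Wolfram's code); names and the "jvm-init-" prefix are hypothetical.
import os
import stat
import tempfile


def audit_code_dir(path, expected_uid=None):
    """Return reasons why `path` is unsafe to load code from (empty list = OK)."""
    expected_uid = os.getuid() if expected_uid is None else expected_uid
    st = os.lstat(path)  # lstat: never follow a link planted by another user
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["path is not a directory"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append("owned by uid %d, expected %d" % (st.st_uid, expected_uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("accessible by group or others")
    # A world-writable parent without the sticky bit lets any local user
    # rename or replace the directory between this check and the JVM start.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent is world-writable without the sticky bit")
    return findings


def make_private_code_dir(base=None):
    """Create an unpredictable, owner-only (0700) directory in one atomic step.

    mkdtemp() uses mkdir(), which fails if the name already exists, so a
    directory pre-created by another tenant is never adopted.
    """
    return tempfile.mkdtemp(prefix="jvm-init-", dir=base)


if __name__ == "__main__":
    # Constructed demo: a private directory passes, a 0777 one does not.
    base = tempfile.mkdtemp()
    good = make_private_code_dir(base)
    bad = os.path.join(base, "shared")
    os.mkdir(bad)
    os.chmod(bad, 0o777)
    for p in (good, bad):
        print(p, audit_code_dir(p) or "OK")
```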
Impact
An attacker that accesses the shared /tmp/ directory of the instance can potentially achieve privilege escalation, information exfiltration, and remote code execution.
This constitutes a Technical Impact = Total under the SSVC framework, meaning:

The vulnerability gives the adversary total control over the behavior of the software or total disclosure of all information on the affected system.

Solution
The CERT/CC recommends updating Wolfram Cloud to version 14.2.1.
Acknowledgements
Thanks to the reporter Peter Roberge from Pointer Cybersecurity. This document was written by Laurie Tyzenhaus and Renae Metcalf.

Visit Our News Page

Contact us today if you'd like to know more
about how we can keep your network working at its best

VistaNet, Inc is a technology consulting and services company, helping enterprises
marry scale with agility to achieve competitive advantage.

We'd love to talk about your technology needs

Our experts would love to contribute their
expertise and insights to your potential projects