CVE-2025-11666

Summary

A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed locally. The exploit has been published and may be used.

Affected Software

VendorProductVersion RangeStatus
TendaRP3 Pro22.5.7.0affected
TendaRP3 Pro22.5.7.1affected
TendaRP3 Pro22.5.7.2affected
TendaRP3 Pro22.5.7.3affected
TendaRP3 Pro22.5.7.4affected
TendaRP3 Pro22.5.7.5affected
TendaRP3 Pro22.5.7.6affected
TendaRP3 Pro22.5.7.7affected
TendaRP3 Pro22.5.7.8affected
TendaRP3 Pro22.5.7.9affected
TendaRP3 Pro22.5.7.10affected
TendaRP3 Pro22.5.7.11affected
TendaRP3 Pro22.5.7.12affected
TendaRP3 Pro22.5.7.13affected
TendaRP3 Pro22.5.7.14affected
TendaRP3 Pro22.5.7.15affected
TendaRP3 Pro22.5.7.16affected
TendaRP3 Pro22.5.7.17affected
TendaRP3 Pro22.5.7.18affected
TendaRP3 Pro22.5.7.19affected
TendaRP3 Pro22.5.7.20affected
TendaRP3 Pro22.5.7.21affected
TendaRP3 Pro22.5.7.22affected
TendaRP3 Pro22.5.7.23affected
TendaRP3 Pro22.5.7.24affected
TendaRP3 Pro22.5.7.25affected
TendaRP3 Pro22.5.7.26affected
TendaRP3 Pro22.5.7.27affected
TendaRP3 Pro22.5.7.28affected
TendaRP3 Pro22.5.7.29affected
TendaRP3 Pro22.5.7.30affected
TendaRP3 Pro22.5.7.31affected
TendaRP3 Pro22.5.7.32affected
TendaRP3 Pro22.5.7.33affected
TendaRP3 Pro22.5.7.34affected
TendaRP3 Pro22.5.7.35affected
TendaRP3 Pro22.5.7.36affected
TendaRP3 Pro22.5.7.37affected
TendaRP3 Pro22.5.7.38affected
TendaRP3 Pro22.5.7.39affected
TendaRP3 Pro22.5.7.40affected
TendaRP3 Pro22.5.7.41affected
TendaRP3 Pro22.5.7.42affected
TendaRP3 Pro22.5.7.43affected
TendaRP3 Pro22.5.7.44affected
TendaRP3 Pro22.5.7.45affected
TendaRP3 Pro22.5.7.46affected
TendaRP3 Pro22.5.7.47affected
TendaRP3 Pro22.5.7.48affected
TendaRP3 Pro22.5.7.49affected
TendaRP3 Pro22.5.7.50affected
TendaRP3 Pro22.5.7.51affected
TendaRP3 Pro22.5.7.52affected
TendaRP3 Pro22.5.7.53affected
TendaRP3 Pro22.5.7.54affected
TendaRP3 Pro22.5.7.55affected
TendaRP3 Pro22.5.7.56affected
TendaRP3 Pro22.5.7.57affected
TendaRP3 Pro22.5.7.58affected
TendaRP3 Pro22.5.7.59affected
TendaRP3 Pro22.5.7.60affected
TendaRP3 Pro22.5.7.61affected
TendaRP3 Pro22.5.7.62affected
TendaRP3 Pro22.5.7.63affected
TendaRP3 Pro22.5.7.64affected
TendaRP3 Pro22.5.7.65affected
TendaRP3 Pro22.5.7.66affected
TendaRP3 Pro22.5.7.67affected
TendaRP3 Pro22.5.7.68affected
TendaRP3 Pro22.5.7.69affected
TendaRP3 Pro22.5.7.70affected
TendaRP3 Pro22.5.7.71affected
TendaRP3 Pro22.5.7.72affected
TendaRP3 Pro22.5.7.73affected
TendaRP3 Pro22.5.7.74affected
TendaRP3 Pro22.5.7.75affected
TendaRP3 Pro22.5.7.76affected
TendaRP3 Pro22.5.7.77affected
TendaRP3 Pro22.5.7.78affected
TendaRP3 Pro22.5.7.79affected
TendaRP3 Pro22.5.7.80affected
TendaRP3 Pro22.5.7.81affected
TendaRP3 Pro22.5.7.82affected
TendaRP3 Pro22.5.7.83affected
TendaRP3 Pro22.5.7.84affected
TendaRP3 Pro22.5.7.85affected
TendaRP3 Pro22.5.7.86affected
TendaRP3 Pro22.5.7.87affected
TendaRP3 Pro22.5.7.88affected
TendaRP3 Pro22.5.7.89affected
TendaRP3 Pro22.5.7.90affected
TendaRP3 Pro22.5.7.91affected
TendaRP3 Pro22.5.7.92affected
TendaRP3 Pro22.5.7.93affected

Weaknesses

  • CWE-259: Use of Hard-coded Password
  • CWE-255: Credentials Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References