CVE-2025-24322

Summary

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
TendaAC6 V5.0V02.03.01.110affected

Weaknesses

  • CWE-304: CWE-304: Missing Critical Step in Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References