HIGH🇵🇱 Wersja polska

CVE-2025-24322

CVSS 8.1v3.1pub. 2025-08-20upd. 2025-11-03

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac6

    HW
    Tenda
    5.0
  • Tenda Ac6 Firmware

    OS
    Tenda
    02.03.01.110
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-52221CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w Tenda AC6 – funkcja formSetCfm

CVE-2025-27129CRITICAL9.8PL ✓ten sam produkt

Auth Bypass + RCE w Tenda AC6 via HTTP (CVE-2025-27129)

CVE-2025-29031CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja fromAddressNat

CVE-2025-29029CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja formSetSpeedWan

CVE-2025-29030CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja formWifiWpsOOB