CRITICAL🇵🇱 Wersja polska

CVE-2025-27129

CVSS 9.8v3.1pub. 2025-08-20upd. 2025-11-03

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability.

🤖 AI Analysis
How it works

The vulnerability affects the HTTP authentication mechanism in the device's firmware (CWE-288 — Authentication Bypass Using an Alternate Path or Channel). An attacker can send a specially crafted HTTP request that bypasses the required identity verification. Successfully bypassing authentication leads directly to the ability to execute arbitrary code on the device.

Impact

An attacker without any privileges can gain full control of the device by executing arbitrary code (RCE) — threatening the confidentiality, integrity and availability of the system and local network.

Mitigation & patch

Security patches available from the manufacturer should be applied according to the references. Until an update is available, it is recommended to isolate the device's administrative panel from the public network and restrict access to the HTTP interface only to trusted hosts.

Who is affected

Tenda AC6 V5.0 with firmware V02.03.01.110

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac6

    HW
    Tenda
    5.0
  • Tenda Ac6 Firmware

    OS
    Tenda
    02.03.01.110
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth Bypass
CWE
References

Related vulnerabilities

CVE-2025-52221CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w Tenda AC6 – funkcja formSetCfm

CVE-2025-29031CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja fromAddressNat

CVE-2025-29029CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja formSetSpeedWan

CVE-2025-29030CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 — funkcja formWifiWpsOOB

CVE-2025-25343CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC6 – funkcja formexeCommand