CVE-2025-24322

CWE-3043 documents3 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 76.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda AC6 V5.0 Tenda AC6 Firmware

Timeline

PublishedAug 20

Description

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5tenda/ac6_v5.0V02.03.01.110

▶NVDtenda/ac6_firmware02.03.01.110

🔴Vulnerability Details

GHSA

GHSA-5565-9r8p-cjcg: An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5↗2025-08-20

▶

CVEList

CVE-2025-24322: An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5↗2025-08-20

▶