CVE-2025-24496Authentication Bypass Using an Alternate Path or Channel in AC6 V5.0

CWE-288Authentication Bypass Using an Alternate Path or Channel3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 86.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda AC6 V5.0Tenda AC6 Firmware
Timeline
PublishedAug 20

Description

An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5tenda/ac6_v5.0V02.03.01.110
NVDtenda/ac6_firmware02.03.01.110

🔴Vulnerability Details

2
CVEList
CVE-2025-24496: An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V52025-08-20
GHSA
GHSA-9m9v-rrq2-99qj: An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V52025-08-20
CVE-2025-24496 — Tenda AC6 V5.0 vulnerability | cvebase