CVE-2025-24322
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-20

Last updated on: 2025-11-03

Assigner: Talos

Description
An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-20
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-08-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-24322
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenda ac6_firmware 02.03.01.110
tenda ac6 5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-304 The product implements an authentication technique, but it skips a step that weakens the technique.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an unsafe default authentication issue in the Initial Setup Authentication functionality of the Tenda AC6 V5.0 V02.03.01.110 device. It allows an attacker to send a specially crafted network request to the device, which can lead to arbitrary code execution. Essentially, an attacker can access the device and execute malicious code without proper authentication.


How can this vulnerability impact me? :

This vulnerability can have severe impacts including unauthorized access to the device, full compromise of the device through arbitrary code execution, and potential disruption of services. An attacker could take control of the device, steal information, or use it as a foothold for further attacks.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart