CVE-2025-24496
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-20

Last updated on: 2025-11-03

Assigner: Talos

Description
An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-20
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-08-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-24496
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenda ac6_firmware 02.03.01.110
tenda ac6 5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an information disclosure issue in the /goform/getproductInfo functionality of the Tenda AC6 router (version V5.0 V02.03.01.110). By sending specially crafted network packets, an attacker can trigger the vulnerability and cause the device to disclose sensitive information.


How can this vulnerability impact me? :

The vulnerability can lead to the exposure of sensitive information from the affected device without requiring any privileges or user interaction. This could allow an attacker to gain information that might be used for further attacks or compromise the security of the network.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart