CVE-2025-52054
BaseFortify
Publication date: 2025-08-28
Last updated on: 2025-09-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac8_firmware | to 16.03.33.05 (inc) |
| tenda | ac8 | 4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router firmware version 16.03.33.05 and earlier. The root password is generated by combining a hardcoded static string in the firmware with the last two octets of the device's MAC address, which is easily obtainable. This results in a predictable root password that allows an unauthenticated attacker to authenticate with network services on the device, such as Telnet or SSH, potentially leading to full administrative access and device takeover. [1]
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to gain full administrative access to the affected router remotely or locally. This can lead to unauthorized code execution, privilege escalation, and complete control over the device. Such control could compromise the security and privacy of your network, disrupt network services, or be used as a foothold for further attacks. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying Tenda AC8 v4.0 routers running firmware version 16.03.33.05 or earlier and checking if the root password is generated using the static string combined with the last two octets of the MAC address. You can obtain the MAC address of the device from network traffic or device interface. To verify if the device is vulnerable, attempt to authenticate via Telnet or SSH using the calculated root password (static string + last two MAC octets, Base64 encoded). Commands to check device MAC address include 'arp -a' or 'ip neigh' on Linux systems. To test access, use 'ssh root@<device_ip>' or 'telnet <device_ip>' and try the predicted password. Additionally, scanning the network for open Telnet or SSH ports (23, 22) on Tenda AC8 devices can help detect vulnerable devices. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling remote access services such as Telnet and SSH on the affected Tenda AC8 router to reduce exposure. Since no firmware updates are available and the product is end-of-life, the recommended action is to replace the vulnerable device with a supported model. Avoid using the vulnerable router in sensitive environments and restrict network access to the device where possible. [1]