CVE-2025-57220

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2025-08-28

Last updated on: 2025-09-03

Assigner: MITRE

Description

An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-08-28

Last Modified

2025-09-03

Generated

2026-06-16

AI Q&A

2025-08-28

EPSS Evaluated

2026-06-15

NVD

CVE-2025-57220

EUVD

EUVD-2025-26135

Affected Vendors & Products

Vendor	Product	Version / Range
tenda	ac10_firmware	16.03.10.09_multi_tde01
tenda	ac10	4.0

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-20	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

Executive Summary

This vulnerability is an input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01. It allows an attacker to escalate privileges to root by sending a specially crafted UDP packet.

Impact Analysis

An attacker exploiting this vulnerability can gain root privileges on the affected device, potentially allowing full control over the system, unauthorized access to sensitive data, and the ability to execute arbitrary commands.

Hi! I’m here to help you understand CVE-2025-57220. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2025-57220

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart