CVE-2025-24322 HIGH

CVE-2025-24322

Vendor Tenda
Product AC6 V5.0
Weakness CWE-304
Published August 20, 2025
Last update November 3, 2025

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability.

Key dates

02Disclosure timeline

August 20, 2025 CVE published
November 3, 2025 Record updated