ID

VAR-202508-1971


CVE

CVE-2025-24496


TITLE

Authentication bypass using alternate paths or channels vulnerability in Shenzhen Tenda Technology Co., Ltd. AC6 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-012132

DESCRIPTION

An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. The Shenzhen Tenda Technology Co., Ltd. AC6 firmware contains an authentication bypass vulnerability using alternate paths or channels. Information may be obtained. The AC6 supports both IPv4 and IPv6 protocols, uses the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167 Mbps.

Trust: 2.16

sources: NVD: CVE-2025-24496 // JVNDB: JVNDB-2025-012132 // CNVD: CNVD-2025-20157

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20157

AFFECTED PRODUCTS

vendor: tenda, model: ac6, scope: eq, version: 02.03.01.110

Trust: 1.6

vendor: tenda, model: ac6, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: ac6, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac6, scope: eq, version: ac6 firmware 02.03.01.110

Trust: 0.8

vendor: tenda, model: ac6, scope: eq, version: 5.0

Trust: 0.6

sources: CNVD: CNVD-2025-20157 // JVNDB: JVNDB-2025-012132 // NVD: CVE-2025-24496

CVSS

SEVERITY

CVSSV2

CVSSV3

talos-cna@cisco.com: CVE-2025-24496
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-012132
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-20157
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-20157
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

talos-cna@cisco.com: CVE-2025-24496
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-012132
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20157 // JVNDB: JVNDB-2025-012132 // NVD: CVE-2025-24496

PROBLEMTYPE DATA

problemtype: CWE-288

Trust: 1.0

problemtype: Authentication Bypass Using Alternate Paths or Channels (CWE-288) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-012132 // NVD: CVE-2025-24496

EXTERNAL IDS

db: NVD, id: CVE-2025-24496

Trust: 3.2

db: TALOS, id: TALOS-2025-2164

Trust: 2.4

db: JVNDB, id: JVNDB-2025-012132

Trust: 0.8

db: CNVD, id: CNVD-2025-20157

Trust: 0.6

sources: CNVD: CNVD-2025-20157 // JVNDB: JVNDB-2025-012132 // NVD: CVE-2025-24496

REFERENCES

url: https://talosintelligence.com/vulnerability_reports/talos-2025-2164

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2025-24496

Trust: 0.8

sources: CNVD: CNVD-2025-20157 // JVNDB: JVNDB-2025-012132 // NVD: CVE-2025-24496

SOURCES

db: CNVD, id: CNVD-2025-20157
db: JVNDB, id: JVNDB-2025-012132
db: NVD, id: CVE-2025-24496

LAST UPDATE DATE

2025-09-06T00:06:48.630000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-20157, date: 2025-09-03T00:00:00
db: JVNDB, id: JVNDB-2025-012132, date: 2025-08-22T07:51:00
db: NVD, id: CVE-2025-24496, date: 2025-08-21T18:24:44.620

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-20157, date: 2025-09-03T00:00:00
db: JVNDB, id: JVNDB-2025-012132, date: 2025-08-22T00:00:00
db: NVD, id: CVE-2025-24496, date: 2025-08-20T14:15:42.500