ID

VAR-202508-1991


CVE

CVE-2025-27129


TITLE

Authentication bypass using alternate paths or channels vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-012052

DESCRIPTION

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability. The AC6 firmware from Shenzhen Tenda Technology Co.,Ltd. contains an authentication bypass vulnerability using alternate paths or channels. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The AC6 supports both IPv4 and IPv6 protocols, uses the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167Mbps.

Trust: 2.16

sources: NVD: CVE-2025-27129 // JVNDB: JVNDB-2025-012052 // CNVD: CNVD-2025-20153

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20153

AFFECTED PRODUCTS

vendor: tenda, model: ac6, scope: eq, version: 02.03.01.110

Trust: 1.6

vendor: tenda, model: ac6, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: ac6, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac6, scope: eq, version: ac6 firmware 02.03.01.110

Trust: 0.8

vendor: tenda, model: ac6, scope: eq, version: 5.0

Trust: 0.6

sources: CNVD: CNVD-2025-20153 // JVNDB: JVNDB-2025-012052 // NVD: CVE-2025-27129

CVSS

SEVERITY

CVSSV2

CVSSV3

talos-cna@cisco.com: CVE-2025-27129
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-012052
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-20153
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-20153
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

talos-cna@cisco.com: CVE-2025-27129
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-012052
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20153 // JVNDB: JVNDB-2025-012052 // NVD: CVE-2025-27129

PROBLEMTYPE DATA

problemtype: CWE-288

Trust: 1.0

problemtype: Authentication Bypass Using Alternate Paths or Channels (CWE-288) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-012052 // NVD: CVE-2025-27129

EXTERNAL IDS

db: NVD, id: CVE-2025-27129

Trust: 3.2

db: TALOS, id: TALOS-2025-2165

Trust: 2.4

db: JVNDB, id: JVNDB-2025-012052

Trust: 0.8

db: CNVD, id: CNVD-2025-20153

Trust: 0.6

sources: CNVD: CNVD-2025-20153 // JVNDB: JVNDB-2025-012052 // NVD: CVE-2025-27129

REFERENCES

url: https://talosintelligence.com/vulnerability_reports/talos-2025-2165

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2025-27129

Trust: 0.8

sources: CNVD: CNVD-2025-20153 // JVNDB: JVNDB-2025-012052 // NVD: CVE-2025-27129

SOURCES

db: CNVD, id: CNVD-2025-20153
db: JVNDB, id: JVNDB-2025-012052
db: NVD, id: CVE-2025-27129

LAST UPDATE DATE

2025-09-05T23:50:01.611000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-20153, date: 2025-09-03T00:00:00
db: JVNDB, id: JVNDB-2025-012052, date: 2025-08-22T02:44:00
db: NVD, id: CVE-2025-27129, date: 2025-08-21T18:24:05.310

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-20153, date: 2025-09-03T00:00:00
db: JVNDB, id: JVNDB-2025-012052, date: 2025-08-22T00:00:00
db: NVD, id: CVE-2025-27129, date: 2025-08-20T14:15:42.727