ID

VAR-202508-2012


CVE

CVE-2025-24322


TITLE

Missing critical authentication step vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC6 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-012053

DESCRIPTION

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability. The AC6 firmware from Shenzhen Tenda Technology Co.,Ltd. is vulnerable due to a missing critical step of authentication. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The device supports both IPv4 and IPv6 protocols, uses the 802.11ac/n wireless standard, and offers a wireless transmission rate of 1167Mbps. The Tenda AC6 has a code execution vulnerability.

Trust: 2.16

sources: NVD: CVE-2025-24322 // JVNDB: JVNDB-2025-012053 // CNVD: CNVD-2025-20158

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20158

AFFECTED PRODUCTS

vendor: tenda, model: ac6, scope: eq, version: 02.03.01.110

Trust: 1.6

vendor: tenda, model: ac6, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: ac6, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac6, scope: eq, version: ac6 firmware 02.03.01.110

Trust: 0.8

vendor: tenda, model: ac6, scope: eq, version: 5.0

Trust: 0.6

sources: CNVD: CNVD-2025-20158 // JVNDB: JVNDB-2025-012053 // NVD: CVE-2025-24322

CVSS

SEVERITY

talos-cna@cisco.com: CVE-2025-24322
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-24322
value: CRITICAL

Trust: 1.0

NVD: CVE-2025-24322
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-20158
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-20158
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

talos-cna@cisco.com: CVE-2025-24322
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-24322
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2025-24322
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20158 // JVNDB: JVNDB-2025-012053 // NVD: CVE-2025-24322 // NVD: CVE-2025-24322

PROBLEMTYPE DATA

problemtype: CWE-304

Trust: 1.0

problemtype: Lack of critical step of authentication (CWE-304) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-012053 // NVD: CVE-2025-24322

EXTERNAL IDS

db: NVD, id: CVE-2025-24322

Trust: 3.2

db: TALOS, id: TALOS-2025-2163

Trust: 1.8

db: JVNDB, id: JVNDB-2025-012053

Trust: 0.8

db: CNVD, id: CNVD-2025-20158

Trust: 0.6

sources: CNVD: CNVD-2025-20158 // JVNDB: JVNDB-2025-012053 // NVD: CVE-2025-24322

REFERENCES

url: https://talosintelligence.com/vulnerability_reports/talos-2025-2163

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2025-24322

Trust: 1.4

sources: CNVD: CNVD-2025-20158 // JVNDB: JVNDB-2025-012053 // NVD: CVE-2025-24322

SOURCES

db: CNVD, id: CNVD-2025-20158
db: JVNDB, id: JVNDB-2025-012053
db: NVD, id: CVE-2025-24322

LAST UPDATE DATE

2025-09-05T23:50:01.589000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-20158, date: 2025-09-03T00:00:00
db: JVNDB, id: JVNDB-2025-012053, date: 2025-08-22T02:44:00
db: NVD, id: CVE-2025-24322, date: 2025-08-21T18:24:59.110

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-20158, date: 2025-09-03T00:00:00
db: JVNDB, id: JVNDB-2025-012053, date: 2025-08-22T00:00:00
db: NVD, id: CVE-2025-24322, date: 2025-08-20T14:15:42.263