CVE-2025-52364
In short
The Tenda CP3 Pro router automatically enables telnet (an insecure remote access service) when it starts up, allowing attackers to connect to the device's control shell from the internet. If the device uses default or weak passwords, attackers can gain full control of it.
Technical detail
The initialization script /etc/init.d/eth.sh enables telnetd by default at boot in firmware V22.5.4.93, exposing an unauthenticated or weakly-authenticated remote shell interface. Remote network attackers can establish telnet connections to execute arbitrary commands on the device, bypassing intended access controls due to insecure default permissions and service configuration.
Summary generated and translated by AI from the official description.
Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device's shell over the network, potentially without authentication if default or weak credentials are present.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
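A defender reviewing an unpacked firmware image can check for this class of default by scanning the boot scripts for live (uncommented) telnetd invocations. The script below is an added example, not code from the advisory or the vendor: the function names are hypothetical, the sample eth.sh contents are constructed (the page does not show the real script), and scanning /etc/inittab and /etc/rc.d in addition to /etc/init.d is an assumption about common embedded Linux layouts.

```shell
#!/bin/sh
# Audit an unpacked firmware root filesystem for boot scripts that start telnetd.

# Print "path:line: text" for every non-comment line that invokes telnetd in
# the boot-time locations under the rootfs at $1. Returns 0 if any are found.
find_telnetd_autostart() {
    root=${1%/}
    rc=1
    for f in "$root"/etc/inittab "$root"/etc/init.d/* "$root"/etc/rc.d/*; do
        [ -f "$f" ] || continue          # skips unmatched globs and directories
        name=${f#"$root"}                # report the path as seen on the device
        if awk -v name="$name" '
            { code = $0; sub(/#.*/, "", code) }   # drop comments before matching
            # match telnetd as a whole word, not e.g. "telnetd_disabled"
            code ~ /(^|[^A-Za-z0-9_])telnetd([^A-Za-z0-9_]|$)/ {
                print name ":" NR ": " $0; n++
            }
            END { exit (n ? 0 : 1) }' "$f"
        then
            rc=0
        fi
    done
    return $rc
}

# Build a constructed sample rootfs (NOT the real firmware contents) so the
# check can be exercised offline. Prints the directory it created.
make_sample_rootfs() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/init.d"
    printf '%s\n' '#!/bin/sh' 'ifconfig eth0 up' \
        '# telnetd -l /bin/sh' 'telnetd &' > "$d/etc/init.d/eth.sh"
    printf '%s\n' '#!/bin/sh' 'echo telnetd_disabled=1' > "$d/etc/init.d/rcS"
    echo "$d"
}

# Demo run against the constructed sample.
demo=$(make_sample_rootfs)
find_telnetd_autostart "$demo" || echo "no telnetd autostart found"
rm -rf "$demo"
```

On a real image, pass the directory the firmware was extracted to in place of the sample; a hit only shows that the service is started at boot and says nothing about which credentials it accepts.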
Affected products
n/a · n/a