SB2025082123 - Multiple vulnerabilities in Tenda AC6 V5.0 AC1200 Smart Dual-band WiFi Router
Published: August 21, 2025
Description
This security bulletin contains information about 9 security vulnerabilities.
1) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2025-27129)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an authentication bypass using an alternate path or channel in the HTTP authentication functionality. A remote attacker can bypass authentication and execute arbitrary code on the target system.
2) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2025-24496)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an authentication bypass using an alternate path or channel in the /goform/getproductInfo functionality. A remote attacker can bypass authentication and gain access to sensitive information on the system.
3) Missing Critical Step in Authentication (CVE-ID: CVE-2025-24322)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to a missing critical step in authentication in the Initial Setup Authentication functionality. A remote attacker can bypass the authentication process and execute arbitrary code on the target system.
4) Stack-based buffer overflow (CVE-ID: CVE-2025-32010)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Cloud API functionality. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) Missing Release of Resource after Effective Lifetime (CVE-ID: CVE-2025-30256)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing release of a resource after its effective lifetime in the HTTP Header Parsing functionality. A remote attacker can cause a denial of service condition on the target system.
6) Cleartext transmission of sensitive information (CVE-ID: CVE-2025-27564)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information in the web portal authentication functionality. A remote attacker with the ability to intercept network traffic can gain access to sensitive data and bypass authentication on the target device.
7) Cleartext transmission of sensitive information (CVE-ID: CVE-2025-31646)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information in the Session Authentication Cookie functionality. A remote attacker with the ability to intercept network traffic can gain access to sensitive data and bypass authentication on the target device.
8) Download of code without integrity check (CVE-ID: CVE-2025-31355)
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists because the software does not perform a software integrity check when downloading updates within the Firmware Signature Validation functionality. A remote administrator can use a specially crafted file and execute arbitrary code on the target system.
9) Cleartext transmission of sensitive information (CVE-ID: CVE-2025-31143)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information in the Tenda App Router Authentication functionality. A remote attacker with the ability to intercept network traffic can gain access to sensitive data and bypass authentication on the target device.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2165
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2164
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2163
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2168
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2166
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2162
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2167
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2161
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2178