CVE-2025-5864

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tenda TDSEE App versions 1.7.12 and earlier

Description A vulnerability was found in the Tenda TDSEE App, affecting an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. This leads to improper restriction of excessive authentication attempts. The attack can be launched remotely, but the complexity of an attack is rather high, and the exploitation appears to be difficult.

Recommendations For Tenda TDSEE App versions 1.7.12 and earlier, upgrade to version 1.7.15 to address this issue.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307CWE-799

Related Identifiers

BDU:2025-10211

CVE-2025-5864

Affected Products

Tenda Tdsee App

CVE-2025-5864

Weakness Enumeration

Related Identifiers

Affected Products

References · 10