CVE-2025-52364

Name of the Vulnerable Software and Affected Versions: Tenda CP3 Pro version 22.5.4.93

Description: An insecure permissions issue exists in the Tenda CP3 Pro firmware. The telnet service (telnetd) is enabled by default during boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device’s shell over the network, potentially without authentication if default or weak credentials are present.

Recommendations: Update to a newer version that contains a fix for this issue. As a temporary workaround, consider disabling the telnet service until a patch is available.