CVE-2025-11666

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tenda RP3 Pro versions through 22.5.7.93

Description A security issue exists in Tenda RP3 Pro up to version 22.5.7.93, specifically within the Firmware Update Handler component. Manipulation of the current force upgrade pwd argument in the force upgrade.sh file can result in the use of a hard-coded password. This issue can only be exploited locally. The exploit for this issue has been published.

Recommendations Update to a version later than 22.5.7.93.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255CWE-259

Related Identifiers

BDU:2025-13329

CVE-2025-11666

Affected Products

Tenda Rp3 Pro

CVE-2025-11666

Weakness Enumeration

Related Identifiers

Affected Products

References · 9