Tenda RP3 Pro up to 22.5.7.93 Firmware Update force_upgrade.sh current_force_upgrade_pwd hard-coded password

A vulnerability classified as critical has been found in Tenda RP3 Pro up to 22.5.7.93. Affected is an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. The manipulation of the argument current_force_upgrade_pwd leads to use of a hard-coded password. Using CWE to declare the problem leads to CWE-259. The weakness was disclosed on 10/12/2025. The advisory is available for download at github.com. This vulnerability is known as CVE-2025-11666. The attack needs to be approached locally. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k at the moment. It is declared as proof-of-concept. The exploit can be found at github.com. As a 0-day, the estimated underground price was around $0-$5k. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

2 Changes · 87 Data points

| Field | Created 10/12/2025 15:19 | Update 1/1 10/13/2025 09:44 |
|---|---|---|
| software_vendor | Tenda | Tenda |
| software_name | RP3 Pro | RP3 Pro |
| software_version | <=22.5.7.93 | <=22.5.7.93 |
| software_component | Firmware Update Handler | Firmware Update Handler |
| software_file | force_upgrade.sh | force_upgrade.sh |
| software_argument | current_force_upgrade_pwd | current_force_upgrade_pwd |
| vulnerability_cwe | CWE-259 (hard-coded password) | CWE-259 (hard-coded password) |
| vulnerability_risk | 2 | 2 |
| cvss3_vuldb_av | L | L |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | H | H |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | H | H |
| cvss3_vuldb_i | H | H |
| cvss3_vuldb_a | H | H |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rc | R | R |
| advisory_url | https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/RP3.md | https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/RP3.md |
| exploit_availability | 1 | 1 |
| exploit_publicity | 1 | 1 |
| exploit_url | https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/RP3.md | https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/RP3.md |
| source_cve | CVE-2025-11666 | CVE-2025-11666 |
| cna_responsible | VulDB | VulDB |
| software_type | Router Operating System | Router Operating System |
| cvss2_vuldb_av | L | L |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | M | M |
| cvss2_vuldb_ci | C | C |
| cvss2_vuldb_ii | C | C |
| cvss2_vuldb_ai | C | C |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rc | UR | UR |
| cvss4_vuldb_av | L | L |
| cvss4_vuldb_ac | L | L |
| cvss4_vuldb_pr | H | H |
| cvss4_vuldb_ui | N | N |
| cvss4_vuldb_vc | H | H |
| cvss4_vuldb_vi | H | H |
| cvss4_vuldb_va | H | H |
| cvss4_vuldb_e | P | P |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_rl | X | X |
| cvss4_vuldb_at | N | N |
| cvss4_vuldb_sc | N | N |
| cvss4_vuldb_si | N | N |
| cvss4_vuldb_sa | N | N |
| cvss2_vuldb_basescore | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.6 | 5.6 |
| cvss3_vuldb_basescore | 6.7 | 6.7 |
| cvss3_vuldb_tempscore | 6.1 | 6.1 |
| cvss3_meta_basescore | 6.7 | 6.7 |
| cvss3_meta_tempscore | 6.1 | 6.4 |
| cvss4_vuldb_bscore | 8.4 | 8.4 |
| cvss4_vuldb_btscore | 7.0 | 7.0 |
| advisory_date | 1760220000 (10/12/2025) | 1760220000 (10/12/2025) |
| price_0day | $0-$5k | $0-$5k |
| cve_nvd_summary | | A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed locally. The exploit has been published and may be used. |
| cvss4_cna_av | | L |
| cvss4_cna_ac | | L |
| cvss4_cna_at | | N |
| cvss4_cna_pr | | H |
| cvss4_cna_ui | | N |
| cvss4_cna_vc | | H |
| cvss4_cna_vi | | H |
| cvss4_cna_va | | H |
| cvss4_cna_sc | | N |
| cvss4_cna_si | | N |
| cvss4_cna_sa | | N |
| cvss4_cna_bscore | | 8.4 |
| cvss3_cna_av | | L |
| cvss3_cna_ac | | L |
| cvss3_cna_pr | | H |
| cvss3_cna_ui | | N |
| cvss3_cna_s | | U |
| cvss3_cna_c | | H |
| cvss3_cna_i | | H |
| cvss3_cna_a | | H |
| cvss3_cna_basescore | | 6.7 |
| cvss2_cna_av | | L |
| cvss2_cna_ac | | L |
| cvss2_cna_au | | M |
| cvss2_cna_ci | | C |
| cvss2_cna_ii | | C |
| cvss2_cna_ai | | C |
| cvss2_cna_basescore | | 6.5 |
