CVE-2025-52364
HIGHDescription
Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device s shell over the network, potentially without authentication if default or weak credentials are present
Is your site exposed to CVE-2025-52364?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| tenda | cp3_pro_firmware |
| tenda | cp3_pro |
References
Exploits
Other References
Frequently Asked Questions
What is CVE-2025-52364? +
How severe is CVE-2025-52364? +
What products are affected by CVE-2025-52364? +
How do I check if I'm vulnerable to CVE-2025-52364? +
Related Vulnerabilities
Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they …
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. …
A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the …
ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 12072000 …
In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can …
Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs …