Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-52364

Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device s shell over the network, potentially without authentication if default or weak credentials are present

Published

2025-07-09T15:15:24.650

Last Modified

2025-08-07T18:02:30.053

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-1391

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tenda	cp3_pro_firmware	22.5.4.93	Yes
Hardware	tenda	cp3_pro	-	No

References

https://cybermaya.in/posts/Post-40/ Exploit, Third Party Advisory ([email protected])
https://www.tendacn.com/product/download/cp3pro.html Broken Link ([email protected])