Tenda AC6 Unsafe Default Authentication Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in the Tenda AC6 router, specifically in version 5.0 V02.03.01.110, due to an unsafe default authentication process during the initial setup. The setup wizard fails to require a web portal username and password, allowing anyone on the local network to gain full administrative access without authentication. This oversight can be exploited to execute arbitrary code, including the installation of malicious firmware.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected device.

Added: Aug 20, 2025, 2:20 PM

Updated: Aug 20, 2025, 2:57 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

7.8

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

7.8

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC6 Unsafe Default Authentication Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Affected Products

Tenda AC6

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating