Tenda CP3 Pro Insecure Permissions Vulnerability Allowing Unauthenticated Telnet Access

Vulnerability

A vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows insecure permissions that enable the telnet service to be active by default at boot. This is facilitated through the initialization script /etc/init.d/eth.sh. As a result, remote attackers could potentially connect to the device's shell over the network, possibly without authentication, if default or weak credentials are used.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the device's shell via the telnet service, allowing for potential manipulation of the device or its settings.

Added: Jul 9, 2025, 3:18 PM

Updated: Jul 9, 2025, 3:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda CP3 Pro Insecure Permissions Vulnerability Allowing Unauthenticated Telnet Access

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating