CVE-2025-57220

Published: Aug 28, 2025Modified: Sep 3, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.

Affected (1)

Products: Tenda: Ac10 Firmware

Tenda

1 product

Ac10 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac10 Firmware	Version 16.03.10.09_multi_tde01

Running on/with	Platform Versions
Tenda Ac10	Version 4.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://plaid-knot-11b.notion.site/Unauthenticated-Remote-Root-Shell-via-Input-Validation-Flaw-in-ate-Service-on-Tenda-AC10-V4-0-23fb3e9cce32804d93aad7e79a82a7aa?source=copy_link

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.