CVE-2025-27129 – An authentication bypass vulnerability in Tenda... (How to Fix)

Q: What is the severity of CVE-2025-27129?

CVE-2025-27129 has a CVSS score of 9.8 (CRITICAL). An authentication bypass vulnerability in Tenda AC6 routers allows attackers to bypass HTTP authentication and execute arbitrary code. This affects Tenda AC6 V5.0 routers running firmware version V02.03.01.110. Attackers can exploit this remotely without authentication.

📋 TL;DR

An authentication bypass vulnerability in Tenda AC6 routers allows attackers to bypass HTTP authentication and execute arbitrary code. This affects Tenda AC6 V5.0 routers running firmware version V02.03.01.110. Attackers can exploit this remotely without authentication.

💻 Affected Systems

Products:

Tenda AC6 V5.0

Versions: V02.03.01.110

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version only. Other Tenda models or firmware versions may not be vulnerable.

📦 What is this software?

Ac6 Firmware by Tenda

View all CVEs affecting Ac6 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router leading to network infiltration, data interception, malware deployment, and persistent backdoor access.

🟠

Likely Case

Router takeover enabling traffic monitoring, DNS hijacking, credential theft, and lateral movement into connected networks.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and strong network segmentation.

🌐 Internet-Facing: HIGH - Directly exposed routers can be exploited remotely without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Talos Intelligence has published technical details. The authentication bypass leads directly to RCE, making exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware for AC6 V5.0. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router administration interface

Network Segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected router with different model or vendor
Implement strict firewall rules blocking all WAN access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is V02.03.01.110, the device is vulnerable.

Check Version:

Login to router admin interface and check System Status or Firmware Version page

Verify Fix Applied:

After firmware update, verify version is no longer V02.03.01.110. Test authentication functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual authentication attempts
HTTP requests bypassing auth
Unexpected firmware or configuration changes

Network Indicators:

Suspicious HTTP traffic to router management port
Unexpected outbound connections from router

SIEM Query:

source_ip=router_ip AND (http_method=POST OR http_method=GET) AND uri_contains="/goform/" AND NOT user_agent="normal"

📊 Metadata

CVE ID: CVE-2025-27129

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-288

EPSS Score: 0.16% exploit probability (36.7th percentile)

Published: August 20, 2025

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-27129, you might also want to check these: