CVE-2025-52364

7.5 HIGH

📋 TL;DR

The Tenda CP3 Pro router firmware has an insecure permissions vulnerability that enables the telnet service by default at boot, allowing remote attackers to connect to the device's shell over the network. This could lead to unauthorized access if default or weak credentials are present. All users running the affected firmware version are impacted.

💻 Affected Systems

Products:
  • Tenda CP3 Pro
Versions: Firmware V22.5.4.93
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration via /etc/init.d/eth.sh script enabling telnetd at boot.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise leading to network infiltration, data exfiltration, malware deployment, and use as a botnet node.

🟠 Likely Case

Unauthorized access to device shell, configuration changes, credential harvesting, and lateral movement within the network.

🟢 If Mitigated

Limited to attempted connection logs if strong authentication and network controls are implemented.

🌐 Internet-Facing: HIGH - Telnet service exposed to internet allows direct remote exploitation attempts.
🏢 Internal Only: MEDIUM - Internal attackers or compromised devices could exploit this for lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple telnet connection attempt with default/weak credentials; detailed in public references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tendacn.com/product/download/cp3pro.html

Restart Required: Yes

Instructions:

1. Check vendor website for updated firmware.
2. Download and verify firmware.
3. Upload via admin interface.
4. Apply update and restart device.

🔧 Temporary Workarounds

Disable Telnet Service

Prevent telnetd from starting at boot by modifying or disabling the initialization script.

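# Remove execute permission from the init script, then delete it
chmod -x /etc/init.d/eth.sh
rm /etc/init.d/eth.sh
# Stop the telnetd instance that is already running
killall telnetd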

Network Access Control

Block telnet port (23) at firewall to prevent remote connections.

iptables -A INPUT -p tcp --dport 23 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices.
  • Enable strong authentication and change all default credentials immediately.

🔍 How to Verify

Check if Vulnerable:

Check if telnet service is running: 'ps aux | grep "[t]elnetd"' (the bracket stops grep from matching its own process) or 'netstat -tlnp | grep :23'

Check Version:

Check firmware version in web interface or via CLI: 'cat /etc/version'

Verify Fix Applied:

Verify telnet service is not running and port 23 is closed: 'netstat -tlnp | grep :23' should return empty.
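
The checks above combined into one audit helper. This is an added example, not code from the advisory or from Tenda; the function names are hypothetical and it assumes a shell with awk and grep available. It matches port 23 exactly, so a listener on :2323 is not reported the way a plain 'grep :23' would report it.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.

# Succeeds only if stdin (netstat -tln / -tlnp output) shows a TCP listener
# on exactly port 23; ":2323" or ":230" do not match, unlike `grep :23`.
telnet_listening() {
    awk '$1 ~ /^tcp/ && $4 ~ /:23$/ && /LISTEN/ { found = 1 }
         END { exit !found }'
}

# Succeeds if the init script still invokes telnetd on an uncommented line.
script_starts_telnetd() {
    [ -r "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -q 'telnetd'
}

# Prints one line per finding; the return status is the number of findings.
audit_report() {
    netstat_text=$1
    script=$2
    findings=0
    if printf '%s\n' "$netstat_text" | telnet_listening; then
        echo "FAIL: a service is listening on TCP/23"
        findings=$((findings + 1))
    fi
    if script_starts_telnetd "$script"; then
        echo "FAIL: $script still starts telnetd at boot"
        findings=$((findings + 1))
    fi
    if [ "$findings" -eq 0 ]; then
        echo "OK: no telnet exposure found"
    fi
    return "$findings"
}

# Constructed sample: netstat output from a device with telnetd enabled.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address  Foreign Address  State
tcp        0      0 0.0.0.0:23     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:80     0.0.0.0:*        LISTEN'

# On the device itself:
#   audit_report "$(netstat -tln)" /etc/init.d/eth.sh
```

Run it once before and once after applying a workaround or firmware update; a status of 0 means neither check found telnet exposure.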

📡 Detection & Monitoring

Log Indicators:

  • Failed/successful telnet authentication attempts in system logs
  • Unexpected telnetd process execution

Network Indicators:

  • Telnet connections (TCP port 23) to router IP
  • Brute-force attempts on telnet service

SIEM Query:

source="router_logs" AND (process="telnetd" OR port=23)

🔗 References
