{“lastseen”:””,”description”:”A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed locally. The exploit has been published and may be used.”,”published”:”2025-10-13T07:02:07.269Z”,”modified”:”2025-10-13T07:02:07.269Z”,”type”:”cve”,”title”:”Tenda RP3 Pro Firmware Update force_upgrade.sh hard-coded password”,”source”:”VulDB”,”references”:”https:\/\/vuldb.com\/?id.328085\\nhttps:\/\/vuldb.com\/?ctiid.328085\\nhttps:\/\/vuldb.com\/?submit.673128\\nhttps:\/\/github.com\/IOTRes\/IOT_Firmware_Update\/blob\/main\/Tenda\/RP3.md\\nhttps:\/\/www.tenda.com.cn\/”,”id”:”CVE-2025-11666″,”bulletinFamily”:””,”cwe”:[“CWE-259″,”CWE-255″],”cvelist”:null,”sourceData”:”Tenda RP3 Pro 22.5.7.0\\nTenda RP3 Pro 22.5.7.1\\nTenda RP3 Pro 22.5.7.2\\nTenda RP3 Pro 22.5.7.3\\nTenda RP3 Pro 22.5.7.4\\nTenda RP3 Pro 22.5.7.5\\nTenda RP3 Pro 22.5.7.6\\nTenda RP3 Pro 22.5.7.7\\nTenda RP3 Pro 22.5.7.8\\nTenda RP3 Pro 22.5.7.9\\nTenda RP3 Pro 22.5.7.10\\nTenda RP3 Pro 22.5.7.11\\nTenda RP3 Pro 22.5.7.12\\nTenda RP3 Pro 22.5.7.13\\nTenda RP3 Pro 22.5.7.14\\nTenda RP3 Pro 22.5.7.15\\nTenda RP3 Pro 22.5.7.16\\nTenda RP3 Pro 22.5.7.17\\nTenda RP3 Pro 22.5.7.18\\nTenda RP3 Pro 22.5.7.19\\nTenda RP3 Pro 22.5.7.20\\nTenda RP3 Pro 22.5.7.21\\nTenda RP3 Pro 22.5.7.22\\nTenda RP3 Pro 22.5.7.23\\nTenda RP3 Pro 22.5.7.24\\nTenda RP3 Pro 22.5.7.25\\nTenda RP3 Pro 22.5.7.26\\nTenda RP3 Pro 22.5.7.27\\nTenda RP3 Pro 22.5.7.28\\nTenda RP3 Pro 22.5.7.29\\nTenda RP3 Pro 22.5.7.30\\nTenda RP3 Pro 22.5.7.31\\nTenda RP3 Pro 22.5.7.32\\nTenda RP3 Pro 22.5.7.33\\nTenda RP3 Pro 22.5.7.34\\nTenda RP3 Pro 22.5.7.35\\nTenda RP3 Pro 22.5.7.36\\nTenda RP3 Pro 22.5.7.37\\nTenda RP3 Pro 22.5.7.38\\nTenda RP3 Pro 22.5.7.39\\nTenda RP3 Pro 22.5.7.40\\nTenda RP3 Pro 22.5.7.41\\nTenda RP3 Pro 22.5.7.42\\nTenda RP3 Pro 22.5.7.43\\nTenda RP3 Pro 22.5.7.44\\nTenda RP3 Pro 22.5.7.45\\nTenda RP3 Pro 22.5.7.46\\nTenda RP3 Pro 22.5.7.47\\nTenda RP3 Pro 22.5.7.48\\nTenda RP3 Pro 22.5.7.49\\nTenda RP3 Pro 22.5.7.50\\nTenda RP3 Pro 22.5.7.51\\nTenda RP3 Pro 22.5.7.52\\nTenda RP3 Pro 22.5.7.53\\nTenda RP3 Pro 22.5.7.54\\nTenda RP3 Pro 22.5.7.55\\nTenda RP3 Pro 22.5.7.56\\nTenda RP3 Pro 22.5.7.57\\nTenda RP3 Pro 22.5.7.58\\nTenda RP3 Pro 22.5.7.59\\nTenda RP3 Pro 22.5.7.60\\nTenda RP3 Pro 22.5.7.61\\nTenda RP3 Pro 22.5.7.62\\nTenda RP3 Pro 22.5.7.63\\nTenda RP3 Pro 22.5.7.64\\nTenda RP3 Pro 22.5.7.65\\nTenda RP3 Pro 22.5.7.66\\nTenda RP3 Pro 22.5.7.67\\nTenda RP3 Pro 22.5.7.68\\nTenda RP3 Pro 22.5.7.69\\nTenda RP3 Pro 22.5.7.70\\nTenda RP3 Pro 22.5.7.71\\nTenda RP3 Pro 22.5.7.72\\nTenda RP3 Pro 22.5.7.73\\nTenda RP3 Pro 22.5.7.74\\nTenda RP3 Pro 22.5.7.75\\nTenda RP3 Pro 22.5.7.76\\nTenda RP3 Pro 22.5.7.77\\nTenda RP3 Pro 22.5.7.78\\nTenda RP3 Pro 22.5.7.79\\nTenda RP3 Pro 22.5.7.80\\nTenda RP3 Pro 22.5.7.81\\nTenda RP3 Pro 22.5.7.82\\nTenda RP3 Pro 22.5.7.83\\nTenda RP3 Pro 22.5.7.84\\nTenda RP3 Pro 22.5.7.85\\nTenda RP3 Pro 22.5.7.86\\nTenda RP3 Pro 22.5.7.87\\nTenda RP3 Pro 22.5.7.88\\nTenda RP3 Pro 22.5.7.89\\nTenda RP3 Pro 22.5.7.90\\nTenda RP3 Pro 22.5.7.91\\nTenda RP3 Pro 22.5.7.92\\nTenda RP3 Pro 22.5.7.93″,”sourceHref”:””,”cvss”:{“score”:8.4,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:L\/AC:L\/AT:N\/PR:H\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N\/E:P”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”RP3 Pro”,”version”:”22.5.7.0″,”vendor”:”Tenda”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,74,12,15,13,7,11,5],"class_list":["post-21275","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-84","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n