Medium severity6.7NVD Advisory· Published Oct 13, 2025· Updated Apr 29, 2026

CVE-2025-11666

Description

A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed locally. The exploit has been published and may be used.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/RP3.mdnvd
vuldb.comnvd
vuldb.comnvd
vuldb.comnvd
www.tenda.com.cnnvd

News mentions

No linked articles in our index yet.

cvss	0.436
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000