High CVSS 7.5

Overview

Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device s shell over the network, potentially without authentication if default or weak credentials are present

Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: unauth_access (tag impact: HIGH)

Recommended actions:

  • Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags