CVE-2025-5763

A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:cp3_firmware:11.10.00.2311090948:*:*:*:*:*:*:*
cpe:2.3:h:tenda:cp3:-:*:*:*:*:*:*:*

History

10 Jun 2025, 14:55

Type Values Removed Values Added
First Time Tenda
Tenda cp3
Tenda cp3 Firmware
References () https://blog.kevgen.ru/posts/rce_in_tenda_cp3_camera - () https://blog.kevgen.ru/posts/rce_in_tenda_cp3_camera - Exploit, Third Party Advisory
References () https://github.com/k3vg3n/researches/blob/main/RCE_in_Tenda_CP3_camera.md - () https://github.com/k3vg3n/researches/blob/main/RCE_in_Tenda_CP3_camera.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.311305 - () https://vuldb.com/?ctiid.311305 - Permissions Required
References () https://vuldb.com/?id.311305 - () https://vuldb.com/?id.311305 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.590784 - () https://vuldb.com/?submit.590784 - Third Party Advisory, VDB Entry
References () https://www.tenda.com.cn/ - () https://www.tenda.com.cn/ - Product
CPE cpe:2.3:h:tenda:cp3:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:cp3_firmware:11.10.00.2311090948:*:*:*:*:*:*:*

09 Jun 2025, 13:15

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad en Tenda CP3 11.10.00.2311090948, clasificada como crítica. Esta vulnerabilidad afecta a la función sub_F3C8C del archivo apollo. La manipulación provoca la inyección de comandos. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
References () https://github.com/k3vg3n/researches/blob/main/RCE_in_Tenda_CP3_camera.md - () https://github.com/k3vg3n/researches/blob/main/RCE_in_Tenda_CP3_camera.md -

06 Jun 2025, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-06 12:15

Updated : 2025-06-10 14:55


NVD link : CVE-2025-5763

Mitre link : CVE-2025-5763

CVE.ORG link : CVE-2025-5763


JSON object : View

Products Affected

tenda

  • cp3_firmware
  • cp3
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')