CVE-2025-11666 | Tenda RP3 Pro up to 22.5.7.93 Firmware Update force_upgrade.sh current_force_upgrade_pwd hard-coded password

October 12, 2025 Yanac

A vulnerability categorized as critical has been discovered in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password.

The identification of this vulnerability is CVE-2025-11666. The attack can only be executed locally. Furthermore, there is an exploit available.VulDB Recent EntriesRead More