CVE-2025-9828
LOWTenda CP6 11.10.00.243 - Risky Cryptographic Algorithm in uhttp sub_2B7D04
Title source: llmDescription
A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.322175
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.322175
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.641566
Exploit, Third Party Advisory exploit
patch
https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/CP6.md
Product product
https://www.tenda.com.cn/
Scores
CVSS v3
3.7
EPSS
0.0032
EPSS Percentile
23.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-310
CWE-327
Status
published
Products (1)
tenda/cp6_firmware
11.10.00.243
Published
Sep 02, 2025
Tracked Since
Feb 18, 2026