CVE-2025-24322 identifies a critical authentication bypass vulnerability in the initial setup authentication mechanism of the Tenda AC6 V5.0 router firmware version V02.03.01.110. The flaw is categorized under CWE-304, indicating a missing critical step in authentication, which results in an unsafe default authentication state. An attacker can exploit this vulnerability remotely over the network by crafting a specific request to the device's setup interface, bypassing authentication controls entirely. This allows arbitrary code execution on the device, potentially enabling full compromise of the router. The vulnerability affects the initial setup phase, which is typically designed to secure the device before normal operation, but due to the missing authentication step, the device is exposed to unauthorized access. The CVSS v3.1 base score is 8.1, reflecting high impact on confidentiality, integrity, and availability, with network attack vector, no privileges or user interaction required, but with high attack complexity. No patches or mitigations have been officially released yet, and no known exploits are reported in the wild. The vulnerability was published on August 20, 2025, and assigned by Talos. The lack of authentication in the setup process is a critical design flaw that can be leveraged by attackers to gain control over the device and potentially pivot into internal networks.

For European organizations, this vulnerability poses a significant threat especially to small and medium enterprises and home office environments where Tenda AC6 routers are deployed. Exploitation can lead to complete compromise of the router, enabling attackers to intercept, modify, or disrupt network traffic, deploy malware, or use the device as a foothold for further attacks within the corporate network. Confidentiality is at risk due to potential data interception; integrity is compromised as attackers can alter configurations or inject malicious code; availability can be disrupted by denial-of-service or device takeover. The vulnerability's network-based attack vector and lack of required privileges mean attackers can exploit it remotely without prior access, increasing the risk of widespread exploitation. The absence of known exploits currently provides a window for mitigation, but the high severity score indicates that once exploited, the damage could be severe. European organizations relying on these devices for critical connectivity or IoT network segmentation could face operational disruptions and data breaches.

Immediate mitigation steps include isolating Tenda AC6 V5.0 devices running the vulnerable firmware from untrusted networks, especially the internet, by placing them behind firewalls or network access controls. Network administrators should restrict access to the device’s management interfaces to trusted internal IP ranges only. Monitoring network traffic for unusual requests targeting the setup interface can help detect attempted exploitation. Since no official patch is currently available, organizations should engage with Tenda support channels to obtain firmware updates or advisories. As a longer-term measure, consider replacing vulnerable devices with models from vendors with stronger security track records and timely patch management. Implement network segmentation to limit the impact of a compromised router and enforce strict access controls on critical network segments. Regularly audit device firmware versions and configurations to ensure compliance with security best practices. Educate users about the risks of default or unpatched devices in their home or office environments.