CVE-2025-27129 is an authentication bypass vulnerability classified under CWE-288 affecting the Tenda AC6 V5.0 router firmware version V02.03.01.110. The vulnerability resides in the HTTP authentication functionality, where an attacker can craft specific HTTP requests that circumvent the authentication process entirely. This bypass does not require any prior authentication, privileges, or user interaction, making it remotely exploitable over the network. Once authentication is bypassed, the attacker can execute arbitrary code on the router, gaining full control over the device. This can lead to unauthorized configuration changes, interception or redirection of network traffic, installation of persistent malware, or use of the device as a pivot point for further attacks within the network. The vulnerability has a CVSS 3.1 base score of 9.8, indicating critical severity with network attack vector, low attack complexity, no privileges required, no user interaction, and full impact on confidentiality, integrity, and availability. No official patches or firmware updates have been published at the time of disclosure, and no known exploits have been observed in the wild. The vulnerability was reserved in March 2025 and published in August 2025 by Talos. Given the widespread use of Tenda AC6 routers in consumer and small business environments, this vulnerability poses a significant risk if exploited.

For European organizations, exploitation of this vulnerability could lead to complete compromise of affected routers, resulting in unauthorized access to internal networks, interception of sensitive data, and disruption of network services. Small and medium enterprises (SMEs) and home office setups relying on Tenda AC6 routers are particularly vulnerable due to the device's role as a network gateway. Attackers could leverage compromised routers to launch further attacks on corporate networks, exfiltrate confidential information, or disrupt business operations. The vulnerability undermines network perimeter security and could facilitate lateral movement within organizational networks. Additionally, the potential for arbitrary code execution raises concerns about persistent backdoors or botnet recruitment. The absence of patches increases the window of exposure, necessitating immediate mitigation efforts. The impact extends beyond individual organizations to ISPs and managed service providers that deploy these routers at customer premises, potentially affecting a broad user base across Europe.

1. Immediately isolate affected Tenda AC6 V5.0 routers from untrusted networks, especially the internet, by disabling remote management and WAN-side access to the device's HTTP interface. 2. Implement network segmentation to limit the exposure of vulnerable routers to critical internal systems. 3. Monitor network traffic for unusual HTTP requests targeting router management interfaces, using IDS/IPS solutions with custom signatures if possible. 4. Restrict administrative access to the router to trusted IP addresses and use VPNs for remote management where feasible. 5. Regularly audit and update router firmware; although no patch is currently available, monitor Tenda's official channels for updates addressing this vulnerability. 6. Consider replacing vulnerable devices with models from vendors with a stronger security track record if immediate patching is not possible. 7. Educate users and administrators about the risks of this vulnerability and the importance of securing network devices. 8. Employ network-level protections such as firewall rules to block unauthorized access attempts to router management ports.