CVE-2025-52364: n/a

High
Published: Wed Jul 09 2025 (07/09/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 enables the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device's shell over the network, potentially without authentication if default or weak credentials are present.

AI-Powered Analysis

Last updated: 07/16/2025, 20:51:40 UTC

Technical Analysis

CVE-2025-52364 is a high-severity vulnerability affecting the Tenda CP3 Pro router firmware version V22.5.4.93. The issue arises from insecure permissions configured in the device's initialization scripts, specifically /etc/init.d/eth.sh, which enables the telnet service (telnetd) by default upon boot. This configuration allows remote attackers to connect to the device's shell interface over the network, potentially without authentication if default or weak credentials remain unchanged. The vulnerability is classified under CWE-1391, indicating improper access control or insecure default permissions. The CVSS v3.1 base score is 7.5, reflecting a network attack vector with low attack complexity, no privileges required, no user interaction, and high impact on confidentiality. While no known exploits are currently reported in the wild, the presence of an open telnet service with potential unauthenticated access poses a significant risk. Attackers could leverage this to gain unauthorized access to the router, potentially intercepting or manipulating network traffic, deploying malware, or using the device as a foothold for further attacks within the network. The lack of authentication and the default enabling of telnet make this vulnerability particularly dangerous, as it lowers the barrier for exploitation.

Potential Impact

For European organizations, this vulnerability could have serious consequences. Routers like the Tenda CP3 Pro are commonly used in small to medium-sized enterprises and home office environments. Unauthorized access to these devices could lead to interception of sensitive data, disruption of network services, or lateral movement within corporate networks. Given the high confidentiality impact, attackers could exfiltrate sensitive information passing through the compromised router. The absence of integrity and availability impacts in the CVSS vector suggests that while data manipulation or service disruption is less likely, the breach of confidentiality alone is critical. Additionally, compromised routers can be enlisted into botnets or used to launch attacks against other targets, increasing the broader threat landscape. European organizations with remote or distributed workforces relying on such devices are particularly vulnerable, as attackers can exploit this remotely without physical access. The risk is amplified if default credentials are not changed, a common misconfiguration in many deployments.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should take the following specific actions:

1) Immediately verify if their Tenda CP3 Pro devices are running firmware version V22.5.4.93 or earlier and disable the telnet service if it is enabled by default. This can be done by accessing the device's configuration interface or via command line if accessible.
2) Change all default credentials to strong, unique passwords to prevent unauthorized access.
3) If possible, update the firmware to a patched version once Tenda releases one addressing this issue. Since no patch links are currently available, organizations should monitor vendor advisories closely.
4) Implement network segmentation to isolate vulnerable devices from critical infrastructure and sensitive data flows.
5) Employ network-level controls such as firewall rules to block inbound telnet (TCP port 23) traffic from untrusted networks, especially the internet.
6) Conduct regular network scans to detect open telnet services and unauthorized access attempts.
7) Educate users and administrators about the risks of default credentials and insecure services.

These steps go beyond generic advice by focusing on immediate disabling of vulnerable services, credential management, network controls, and monitoring tailored to this specific vulnerability.
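One way to check a firmware image for the condition described here before deployment, as an added example that is not code from this page or from Tenda: it audits an already unpacked root filesystem for init scripts that start telnetd at boot. The function name find_telnetd_starts, the set of files checked, and the sample script content are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an unpacked firmware root filesystem for boot-time telnetd.
# Usage: find_telnetd_starts <rootfs-dir>
# Prints "relative/path:line:text" for each non-comment line that mentions
# telnetd in etc/init.d/*, etc/inittab or etc/rc.local (assumed locations).
# Returns 0 if at least one such line is found, 1 otherwise.
find_telnetd_starts() {
    rootfs=$1
    found=1
    for f in "$rootfs"/etc/init.d/* "$rootfs"/etc/inittab "$rootfs"/etc/rc.local; do
        [ -f "$f" ] || continue
        rel=${f#"$rootfs"/}
        # -w matches telnetd as a whole word; the second grep drops lines
        # that are entirely a shell comment.
        hits=$(grep -nw 'telnetd' "$f" | grep -Ev '^[0-9]+:[[:space:]]*#') || true
        [ -n "$hits" ] || continue
        found=0
        printf '%s\n' "$hits" | while IFS= read -r h; do
            printf '%s:%s\n' "$rel" "$h"
        done
    done
    return $found
}

# Constructed sample (not the real Tenda script): a tiny rootfs to audit.
demo=$(mktemp -d)
mkdir -p "$demo/etc/init.d"
printf '%s\n' '#!/bin/sh' '# bring up ethernet' 'ifconfig eth0 up' 'telnetd &' \
    > "$demo/etc/init.d/eth.sh"
find_telnetd_starts "$demo" || echo "no boot-time telnetd found"
rm -rf "$demo"
```

A hit only shows that the script references telnetd on a live line; confirm on the running device that nothing is listening on TCP port 23 after the service is disabled.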

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 686e82c46f40f0eb72045fe7

Added to database: 7/9/2025, 2:55:00 PM

Last enriched: 7/16/2025, 8:51:40 PM

Last updated: 8/21/2025, 3:38:37 PM
