CVE-2025-40946 - Vulnerability Analysis
HighCVSS: 8.3Last Updated: May 12, 2026
blueplanet - Authentication Bypass
Overview
blueplanet products (various models and versions) contain a broken authentication vulnerability caused by a CRC16-based algorithm generating Technical Service credentials from device serial numbers, letting attackers derive credentials and gain unauthorized access, exploit requires knowledge of device serial number.
Severity & Score
Impact
Attackers can derive service credentials from serial numbers to gain unauthorized access, potentially compromising device security.
Mitigation
Update to the latest available version that addresses the credential generation vulnerability.
Social Media Activity(2 posts)
š CVE-2025-40946 - High (8.3) A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 110 TL3 (All ver... š https://www.thehackerwire.com/vulnerability/CVE-2025-40946/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2025-40946 - High (8.3) A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 110 TL3 (All ver... š https://www.thehackerwire.com/vulnerability/CVE-2025-40946/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-40946
- Severity
- High
- CVSS Score
- 8.3
- Type
- broken_authentication
- Status
- unconfirmed
- EPSS
- 1.7%
- Social Posts
- 2
CWE
- CWE-321
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H