CVE-2025-41764 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: March 9, 2026
Unspecified Product - Broken Access Control
Overview
An unspecified vendor's product contains a broken access control vulnerability caused by insufficient authorization enforcement in the wwwupdate.cgi endpoint. Unauthorized remote attackers can upload and apply arbitrary updates; exploitation requires no special privileges.
Impact
Unauthorized remote attackers can upload and apply arbitrary updates, potentially leading to full system compromise.
Mitigation
Update to the latest version with proper authorization enforcement.
Social Media Activity (2 posts)
CVE-2025-41764 - Critical (9.1) Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates. https://www.thehackerwire.com/vulnerability/CVE-2025-41764/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2025-41764
- Severity: Critical
- CVSS Score: 9.1
- Type: broken_access_control
- Status: unconfirmed
- EPSS: 10.2%
- Social Posts: 2
CWE
- CWE-862
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H