8.5
CVE-2025-15371
- EPSS 0.01%
- Veröffentlicht 31.12.2025 01:15:54
- Zuletzt bearbeitet 31.12.2025 20:42:15
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerTenda
≫
Produkt
i24
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
HerstellerTenda
≫
Produkt
4G03 Pro
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
HerstellerTenda
≫
Produkt
4G05
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
HerstellerTenda
≫
Produkt
4G08
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
HerstellerTenda
≫
Produkt
G0-8G-PoE
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
HerstellerTenda
≫
Produkt
Nova MW5G
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
HerstellerTenda
≫
Produkt
TEG5328F
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.016 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 8.5 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 6.8 | 3.1 | 10 |
AV:L/AC:L/Au:S/C:C/I:C/A:C
|
CWE-259 Use of Hard-coded Password
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.