7.8
CVE-2025-15371
- EPSS 0.12%
- Veröffentlicht 31.12.2025 01:15:54
- Zuletzt bearbeitet 29.04.2026 01:00:01
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Tenda i24 Shadow File hard-coded credentials
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerTenda
≫
Produkt
i24
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
HerstellerTenda
≫
Produkt
4G03 Pro
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
HerstellerTenda
≫
Produkt
4G05
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
HerstellerTenda
≫
Produkt
4G08
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
HerstellerTenda
≫
Produkt
G0-8G-PoE
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
HerstellerTenda
≫
Produkt
Nova MW5G
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
HerstellerTenda
≫
Produkt
TEG5328F
Version
1.0.0.35
Status
affected
Version
3.0.0.8(4008)
Status
affected
Version
04.03.01.49
Status
affected
Version
04.05.01.15
Status
affected
Version
04.08.01.28
Status
affected
Version
16.01.8.5
Status
affected
Version
65.10.15.6
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.02 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 7.1 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 6.8 | 3.1 | 10 |
AV:L/AC:L/Au:S/C:C/I:C/A:C
|
CWE-259 Use of Hard-coded Password
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
https://www.tenda.com.cn/
https://github.com/vuln-1/vuln/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md
https://vuldb.com/?ctiid.339075
https://vuldb.com/?id.339075
https://vuldb.com/?submit.727155
https://vuldb.com/?submit.727283
https://vuldb.com/?submit.727284
https://vuldb.com/?submit.727285
https://vuldb.com/?submit.727302
https://vuldb.com/?submit.727305
https://vuldb.com/?submit.727306