CVE-2025-9091

Exploit

EPSS 0.2%
Veröffentlicht 17.08.2025 02:32:09
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Tenda AC20 shadow hard-coded credentials

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tenda ≫ Ac20 Firmware Version16.03.08.12

Tenda ≫ Ac20 Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.101

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	1.1	0	0	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	2.5	1	1.4	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	1	1.5	2.9	AV:L/AC:H/Au:S/C:P/I:N/A:N

CWE-259 Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.tenda.com.cn/

Product

https://vuldb.com/?id.320359

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.320359

VDB Entry

Permissions Required

https://vuldb.com/?submit.632268

Third Party Advisory

VDB Entry

https://github.com/ZZ2266/.github.io/tree/main/AC20/hardcoded%20password/readme.md

Third Party Advisory

Exploit

https://github.com/ZZ2266/.github.io/blob/main/AC20/hardcoded%20password/readme.md#description

Third Party Advisory

Exploit

https://github.com/ZZ2266/.github.io/blob/main/AC20/hardcoded%20password/readme.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-9091

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-9091

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-9091

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-9091