CVE-2025-15371

HIGH

Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G, TEG5328F - Hard-Coded Credentials in Shadow File

Title source: llm
STIX 2.1

Description

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

References (11)

Core 11
Core References
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.339075
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.339075
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.727155
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.727283
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.727284
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.727285
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.727302
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.727305
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.727306
Various Sources product
https://www.tenda.com.cn/

Scores

CVSS v3 7.8
EPSS 0.0012
EPSS Percentile 2.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-259 CWE-798
Status published
Products (49)
Tenda/4G03 Pro 04.03.01.49
Tenda/4G03 Pro 04.05.01.15
Tenda/4G03 Pro 04.08.01.28
Tenda/4G03 Pro 1.0.0.35
Tenda/4G03 Pro 16.01.8.5
Tenda/4G03 Pro 3.0.0.8(4008)
Tenda/4G03 Pro 65.10.15.6
Tenda/4G05 04.03.01.49
Tenda/4G05 04.05.01.15
Tenda/4G05 04.08.01.28
... and 39 more
Published Dec 31, 2025
Tracked Since Feb 18, 2026