CVE-2025-15371

HIGH

Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G, TEG5328F - Hard-Coded Credentials in Shadow File

Title source: llm
STIX 2.1

Description

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

References (11)

Scores

CVSS v3 7.8
EPSS 0.0001
EPSS Percentile 3.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-259 CWE-798
Status published
Products (49)
Tenda/4G03 Pro 04.03.01.49
Tenda/4G03 Pro 04.05.01.15
Tenda/4G03 Pro 04.08.01.28
Tenda/4G03 Pro 1.0.0.35
Tenda/4G03 Pro 16.01.8.5
Tenda/4G03 Pro 3.0.0.8(4008)
Tenda/4G03 Pro 65.10.15.6
Tenda/4G05 04.03.01.49
Tenda/4G05 04.05.01.15
Tenda/4G05 04.08.01.28
... and 39 more
Published Dec 31, 2025
Tracked Since Feb 18, 2026