CVE-2025-52363

MEDIUM

Tenda CP3 Pro Firmware V22.5.4.93 - Use of Hard-coded Credentials in /etc/passwd

Title source: llm

Description

Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://cybermaya.in/posts/Post-39/

Broken Link

https://www.tendacn.com/product/download/cp3pro.html

Scores

CVSS v3 6.8

EPSS 0.0021

EPSS Percentile 10.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (1)

tenda/cp3_pro_firmware 22.5.4.93

Published Jul 14, 2025

Tracked Since Feb 18, 2026