CVE-2025-52363

MEDIUM

Tenda Cp3 Pro Firmware - Hard-coded Credentials

Title source: rule

Description

Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access

References (2)

[Exploit, Third Party Advisory] https://cybermaya.in/posts/Post-39/

[Broken Link] https://www.tendacn.com/product/download/cp3pro.html

Scores

CVSS v3 6.8

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (1)

tenda/cp3_pro_firmware 22.5.4.93

Published Jul 14, 2025

Tracked Since Feb 18, 2026