CVE-2025-15371

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulDBCNA
7.8 HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/vuln-1/vuln/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md
https://vuldb.com/?ctiid.339075
https://vuldb.com/?id.339075
https://vuldb.com/?submit.727155
https://vuldb.com/?submit.727283
https://vuldb.com/?submit.727284
https://vuldb.com/?submit.727285
https://vuldb.com/?submit.727302
https://vuldb.com/?submit.727305
https://vuldb.com/?submit.727306
https://www.tenda.com.cn/