CVE-2025-52363

EUVD-2025-21383
Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CISA-ADPADP
6.8 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
tendacp3_pro_firmware
22.5.4.93
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cybermaya.in/posts/Post-39/
https://www.tendacn.com/product/download/cp3pro.html