CVE-2025-9806

A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.9 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
VulDBCNA
1.9 LOW
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
tendafh1202_firmware
1.2.0.9
tendafh1202_firmware
1.2.0.14
tendafh1202_firmware
1.2.0.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e9.md
https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e9.md#steps-to-reproduce
https://vuldb.com/?ctiid.322130
https://vuldb.com/?id.322130
https://vuldb.com/?submit.640980
https://www.tenda.com.cn/