CVE-2025-52363
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-08-02
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | cp3_pro_firmware | 22.5.4.93 |
| tenda | cp3_pro | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE record describes root password hashes shipped inside the Tenda CP3 Pro firmware V22.5.4.93, in the /etc/passwd file and its backup copy /etc/passwd-. The password field of the root entry holds the hash itself instead of the usual `x` that defers to a protected /etc/shadow, and /etc/passwd is world-readable by design, so anyone who obtains the firmware image (or any shell on the device) can read the hash without privileges or user interaction. Because the hash is baked into the firmware, every device running that build shares the same root password; once it is cracked, the attacker has administrative (root) access over any exposed login service such as Telnet or SSH, and with it full control of the device. [1]
How can this vulnerability impact me?
An attacker who recovers the password from the hardcoded hashes gains root on the device: privilege escalation, unauthorized control and full takeover through Telnet or SSH wherever those services are reachable. Confidentiality is affected directly by the disclosed hashes, and integrity follows once the attacker can change device settings, load modified firmware, or pivot to other hosts on the same network. Because the credential is identical on every device shipped with this firmware version, a single cracking effort applies to all of them. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability is confirmed by obtaining the Tenda CP3 Pro firmware image and inspecting the /etc/passwd and /etc/passwd- files in the extracted root filesystem (the record places them under jffs2-root/etc/). A typical workflow:

1. Extract the firmware: `binwalk -e firmware.bin`
2. Inspect the password files: `cat _firmware_extracted_path_/jffs2-root/etc/passwd` (and likewise `passwd-`)
3. Look for the known hardcoded hashes `AhpGINvJObG0U` and `ltEkcRyrDrA.o`; more generally, any root entry whose second field is a hash rather than `x` or `*` is a finding.

Both quoted hashes are 13 characters long, which is the traditional DES crypt(3) format: a two-character salt, the password truncated to 8 characters, and a hash that is brute-forced quickly on commodity hardware, so a hash of this form should be treated as recoverable regardless of password quality. On the network side, identify devices running this firmware version and check whether Telnet (TCP 23) or SSH (TCP 22) is listening, since those are the services through which a cracked credential would be used. [1]
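As an added example (not part of the BaseFortify record and not Tenda's code), the following POSIX shell script packages steps 2 and 3 above: it walks an extracted firmware tree for etc/passwd and etc/passwd- files, lists every account whose password field carries an embedded hash, flags the two hashes quoted on this page, and classifies the hash format. Run with no argument it scans a constructed sample tree; the sample's passwd lines, the script name and the directory layout are assumptions for illustration, and only the two hash strings come from the page.

```shell
#!/bin/sh
# Added example: inspect an extracted firmware tree for hard-coded password hashes.
# Not Tenda code and not part of the CVE record; only the two hash strings below
# are taken from this page, everything else is constructed for illustration.
set -eu

# Hashes named on this page for Tenda CP3 Pro firmware V22.5.4.93.
KNOWN_HASHES='AhpGINvJObG0U ltEkcRyrDrA.o'

# Print "user:hash" for each account whose password field holds a real hash,
# i.e. anything other than empty, the shadow marker 'x', or a lock marker (*, !).
embedded_hashes() {
    awk -F: '$2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print $1 ":" $2 }' "$1"
}

# Succeed (exit 0) if the given hash string is one of the known hard-coded ones.
is_known_hash() {
    for h in $KNOWN_HASHES; do
        if [ "$1" = "$h" ]; then return 0; fi
    done
    return 1
}

# Classify a crypt(3) hash by its prefix. A bare 13-character string with no
# '$id$' prefix is traditional DES crypt: 2-char salt + 11 chars, 8-char password limit.
hash_format() {
    case "$1" in
        '$1$'*) echo md5crypt ;;
        '$5$'*) echo sha256crypt ;;
        '$6$'*) echo sha512crypt ;;
        '$2'*)  echo bcrypt ;;
        *) [ "${#1}" -eq 13 ] && echo descrypt || echo unknown ;;
    esac
}

# Walk an extracted tree (e.g. binwalk's output directory) and report every
# passwd / passwd- file under an etc/ directory that embeds hashes, one entry per line:
#   <file> <user>:<hash> [<format>] [KNOWN-HARDCODED]
scan_extracted_tree() {
    find "$1" -type f -path '*/etc/*' \( -name passwd -o -name 'passwd-' \) |
    while read -r f; do
        embedded_hashes "$f" | while read -r entry; do
            hash=${entry#*:}
            printf '%s %s [%s]' "$f" "$entry" "$(hash_format "$hash")"
            if is_known_hash "$hash"; then printf ' KNOWN-HARDCODED'; fi
            printf '\n'
        done
    done
}

# Constructed sample: a tiny extracted tree whose etc/passwd mirrors the shape of
# the finding (root line carries one of the page's hashes; other lines are filler).
make_sample_tree() {
    mkdir -p "$1/jffs2-root/etc"
    cat > "$1/jffs2-root/etc/passwd" <<'EOF'
root:AhpGINvJObG0U:0:0:root:/:/bin/sh
nobody:*:65534:65534:nobody:/nonexistent:/bin/false
admin:x:1000:1000:admin:/home/admin:/bin/sh
EOF
    cp "$1/jffs2-root/etc/passwd" "$1/jffs2-root/etc/passwd-"
}

# Usage: sh check_passwd.sh _firmware.bin.extracted   (scan a real binwalk output tree)
#        sh check_passwd.sh                           (no argument: scan the constructed sample)
if [ "$#" -gt 0 ]; then
    scan_extracted_tree "$1"
else
    sample=$(mktemp -d)
    make_sample_tree "$sample"
    scan_extracted_tree "$sample"
    rm -rf "$sample"
fi
```

Against a real image, point the script at the directory `binwalk -e` produced; any line tagged KNOWN-HARDCODED is a direct match for this CVE, and any root entry tagged descrypt is worth cracking even if the hash differs. For the network side, an `nmap -p 22,23 <range>` sweep shows which hosts expose Telnet or SSH, but matching those hosts to this firmware version still requires reading the device's own version information.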
What immediate steps should I take to mitigate this vulnerability?
Immediate steps: change the root password on every affected device to a strong, unique value, then confirm the change actually took effect by checking that the hash in /etc/passwd no longer matches the hardcoded one, and check again after a reboot and after a factory reset, since a credential that lives in the firmware image may be restored by either; disable Telnet and SSH if they are not required, and in any case do not expose them beyond a trusted management network (Telnet additionally sends the password in cleartext); and apply the vendor's firmware update once a fixed build is available. Because the hash itself is part of the firmware, limiting which login services are reachable is what contains the exposure until a fix ships. [1]