CVE-2025-8182
BaseFortify

Publication date: 2025-07-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Meta Information
Published: 2025-07-26
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-07-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenda ac18_firmware 15.03.05.19
tenda ac18 *
CWE ID Description
CWE-521 The product does not require that users should have strong passwords.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8182 is a vulnerability in the Tenda AC18 router firmware version 15.03.05.19, specifically in the Samba configuration file (/etc_ro/smb.conf). The vulnerability is caused by weak password enforcement that allows null passwords, enabling remote attackers to access Samba shared resources without authentication. This misconfiguration can lead to unauthorized access to shared files and directories. [1, 2]


How can this vulnerability impact me?

This vulnerability can allow remote attackers to gain unauthorized access to shared files and directories on the affected Tenda AC18 router. This can lead to information disclosure, unauthorized data manipulation, and compromise of the confidentiality, integrity, and availability of the system. Although exploitation is considered difficult, a proof-of-concept exploit is publicly available. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking the Samba configuration file (/etc_ro/smb.conf) on the Tenda AC18 router firmware version 15.03.05.19 for weak password enforcement or null password settings. Since the vulnerability allows access without authentication if the account has a null password, you can attempt to connect to Samba shares remotely without credentials to test if null password access is allowed. Specific commands to test this could include using smbclient to connect without a password, for example: smbclient -L //<router_ip> -N (where -N means no password). Additionally, scanning the network for Samba shares on the affected device and attempting anonymous access can help detect the vulnerability. [1, 2]
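The configuration check described above can be scripted against an smb.conf extracted from a firmware image. The following is an added example, not code from the advisory or the vendor: the function name `audit_smb_conf` and the sample file are constructed for illustration and are not the contents of the Tenda file. It goes slightly beyond the advisory by also flagging `guest ok` (and its synonym `public`), the other Samba setting that permits password-less access to a share.

```python
import re

# Samba boolean spellings that mean "enabled".
TRUE_VALUES = {"yes", "true", "1", "on"}
# Parameters that permit access without a password, keyed by their
# normalized form. "public" is a Samba synonym for "guest ok".
RISKY = {"nullpasswords": "null passwords",
         "guestok": "guest ok",
         "public": "guest ok"}

def audit_smb_conf(text):
    """Return [(section, parameter, line_no)] for enabled password-less settings."""
    findings = []
    section = "global"
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                               # start of a new section
            section = header.group(1).strip().lower()
            continue
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Samba ignores case and whitespace inside parameter names.
        key = re.sub(r"\s+", "", name).lower()
        if key in RISKY and value.strip().lower() in TRUE_VALUES:
            findings.append((section, RISKY[key], line_no))
    return findings

# Constructed sample input (an assumption, not the real /etc_ro/smb.conf).
SAMPLE = """\
[global]
    workgroup = WORKGROUP
    security = user
    Null  Passwords = Yes
; guest ok = yes
[share]
    path = /tmp/share
    public = true
    writeable = yes
"""

if __name__ == "__main__":
    for section, param, line_no in audit_smb_conf(SAMPLE):
        print(f"line {line_no}: [{section}] {param} is enabled")
```

The parser does not follow `include` directives or backslash line continuations, so files that use them need to be flattened first.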


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include disabling Samba sharing on the affected Tenda AC18 router if possible, or restricting access to the Samba service to trusted networks only. Since no official vendor patch or fix has been reported, it is recommended to replace the affected product with an alternative device that does not have this vulnerability. Additionally, ensure that no accounts have null or empty passwords configured in the Samba settings to prevent unauthorized access. [2, 1]

