CVE-2025-9309
BaseFortify
Publication date: 2025-08-21
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac10_firmware | 16.03.10.13 |
| tenda | ac10 | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Tenda AC10 firmware version 16.03.10.13, in an unknown function of the MD5 Hash Handler component associated with the file /etc_ro/shadow. By manipulating this component locally, an attacker can cause hard-coded credentials to be used. The attack is complex and difficult to carry out, but the exploit has been made public.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker with local access to the device to manipulate authentication mechanisms and potentially gain unauthorized access through the hard-coded credentials. However, the attack is highly complex and difficult to perform.