CVE-2025-9731
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-31

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-31
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-31
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9731
EUVD
EUVD-2025-26297
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenda ac9_firmware 15.03.05.19
tenda ac9 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-259 The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Tenda AC9 router firmware version 15.03.05.19 involves hard-coded administrative credentials stored in the file /etc_ro/shadow. The root user account uses a fixed password hashed with a weak algorithm (MD5-crypt), which can be cracked with password recovery tools. Exploiting this flaw allows an attacker with local access to gain unauthorized root access to the router's administrative interface, compromising the device's security. [1, 2]

Impact Analysis

If exploited, this vulnerability allows an attacker with local access to gain unauthorized root-level control over the Tenda AC9 router. This can lead to compromise of the device's security, potentially allowing the attacker to manipulate network settings, intercept traffic, or disrupt network operations. However, remote exploitation is not feasible, and the attack complexity is high. [1, 2]

Detection Guidance

This vulnerability can be detected by checking the presence of the hard-coded root password stored in the file /etc_ro/shadow on the Tenda AC9 router running firmware version 15.03.05.19. Since the password is hashed using MD5-crypt, tools like John the Ripper can be used to attempt to crack the password hash. Commands to extract and test the hash might include accessing the device locally, retrieving the /etc_ro/shadow file, and running John the Ripper against the hash. Specific commands are not provided in the resources, but the general approach involves local access to the device, extracting the shadow file, and using password recovery tools. [1, 2]

Mitigation Strategies

Immediate mitigation steps include replacing the affected Tenda AC9 router with an alternative device, as no known countermeasures or mitigations have been identified. Since the vulnerability involves hard-coded credentials that cannot be changed, avoiding use of the vulnerable product is recommended to prevent exploitation. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9731. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart