exploitDog

CVE-2025-52363

Опубликовано: 14 июл. 2025

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access

Ссылки

https://cybermaya.in/posts/Post-39/
Exploit
Third Party Advisory
https://www.tendacn.com/product/download/cp3pro.html
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenda:cp3_pro_firmware:22.5.4.93:*:*:*:*:*:*:*

cpe:2.3:h:tenda:cp3_pro:-:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00025

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-798

Связанные уязвимости

GHSA-j52h-9ppw-g36v

CVSS3: 6.8

github

7 месяцев назад

Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access

EPSS

Процентиль: 6%

0.00025

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-798