CVE-2025-9309

Опубликовано: 21 авг. 2025

Источник: nvd

CVSS3: 2.5

CVSS3: 7

CVSS2: 1

EPSS Низкий

Описание

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used.

Ссылки

https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC10/V4.0si_V16.03.10.13.md
Exploit
Third Party Advisory
https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC10/V4.0si_V16.03.10.13.md#steps-to-reproduce
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.320914
Permissions Required
VDB Entry
https://vuldb.com/?id.320914
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.633585
Third Party Advisory
VDB Entry
https://www.tenda.com.cn/
Product
https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC10/V4.0si_V16.03.10.13.md
Exploit
Third Party Advisory
https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC10/V4.0si_V16.03.10.13.md#steps-to-reproduce
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 3%

0.00016

Низкий

2.5 Low

CVSS3

7 High

CVSS3

1 Low

CVSS2

Дефекты

CWE-259

Связанные уязвимости

GHSA-wv5v-xwvm-fp5g

CVSS3: 2.5

github

6 месяцев назад

EPSS

Процентиль: 3%

0.00016

Низкий

2.5 Low

CVSS3

7 High

CVSS3

1 Low

CVSS2

Дефекты

CWE-259