Home

Description

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

PUBLISHED Reserved 2025-12-30 | Published 2025-12-31 | Updated 2025-12-31 | Assigner VulDB




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
HIGH: 7.8CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
6.8AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Problem types

Hard-coded Credentials

Use of Hard-coded Password

Product status

1.0.0.35
affected

3.0.0.8(4008)
affected

04.03.01.49
affected

04.05.01.15
affected

04.08.01.28
affected

16.01.8.5
affected

65.10.15.6
affected

1.0.0.35
affected

3.0.0.8(4008)
affected

04.03.01.49
affected

04.05.01.15
affected

04.08.01.28
affected

16.01.8.5
affected

65.10.15.6
affected

1.0.0.35
affected

3.0.0.8(4008)
affected

04.03.01.49
affected

04.05.01.15
affected

04.08.01.28
affected

16.01.8.5
affected

65.10.15.6
affected

1.0.0.35
affected

3.0.0.8(4008)
affected

04.03.01.49
affected

04.05.01.15
affected

04.08.01.28
affected

16.01.8.5
affected

65.10.15.6
affected

1.0.0.35
affected

3.0.0.8(4008)
affected

04.03.01.49
affected

04.05.01.15
affected

04.08.01.28
affected

16.01.8.5
affected

65.10.15.6
affected

1.0.0.35
affected

3.0.0.8(4008)
affected

04.03.01.49
affected

04.05.01.15
affected

04.08.01.28
affected

16.01.8.5
affected

65.10.15.6
affected

1.0.0.35
affected

3.0.0.8(4008)
affected

04.03.01.49
affected

04.05.01.15
affected

04.08.01.28
affected

16.01.8.5
affected

65.10.15.6
affected

Timeline

2025-12-30:Advisory disclosed
2025-12-30:VulDB entry created
2025-12-30:VulDB entry last update

Credits

vlun-1 (VulDB User) reporter

References

vuldb.com/?id.339075 (VDB-339075 | Tenda i24 Shadow File hard-coded credentials) vdb-entry technical-description

vuldb.com/?ctiid.339075 (VDB-339075 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.727155 (Submit #727155 | Tenda Tenda i24v3.0 V3.0.0.8(4008) V3.0.0.8(4008) Hard-coded Credentials) third-party-advisory

vuldb.com/?submit.727283 (Submit #727283 | Tenda 4G03ProV1.0re V04.03.01.49 Hard-coded Credentials (Duplicate)) third-party-advisory

vuldb.com/?submit.727284 (Submit #727284 | Tenda 4G05V1.0re V04.05.01.15 Hard-coded Credentials (Duplicate)) third-party-advisory

vuldb.com/?submit.727285 (Submit #727285 | Tenda 4G08V1.0re V04.08.01.28 Hard-coded Credentials (Duplicate)) third-party-advisory

vuldb.com/?submit.727302 (Submit #727302 | Tenda G0-8G-PoEV2.0si V16.01.8.5 Hard-coded Credentials (Duplicate)) third-party-advisory

vuldb.com/?submit.727305 (Submit #727305 | Tenda MW5GV1.0re V1.0.0.35 Hard-coded Credentials (Duplicate)) third-party-advisory

vuldb.com/?submit.727306 (Submit #727306 | Tenda TEG5328FV1.0ma V65.10.15.6 Hard-coded Credentials (Duplicate)) third-party-advisory

github.com/...n/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md exploit

www.tenda.com.cn/ product

cve.org (CVE-2025-15371)

nvd.nist.gov (CVE-2025-15371)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.