CVE-2025-9778

Tenda W12 Administrative shadow hard-coded credentials

CVSS 1.8 LOWEPSS 0.1%CWE-259 CWE-798

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 1.8EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

01 sep 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.

CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Productos afectados

Tenda · W12

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce https://vuldb.com/?ctiid.322080 https://vuldb.com/?id.322080 https://vuldb.com/?submit.640969 https://www.tenda.com.cn/