Sign-up

ID

VAR-202507-1786


CVE

CVE-2025-52363


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  CP3 Pro  Vulnerability related to use of hardcoded credentials in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-010716

DESCRIPTION

Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access. Shenzhen Tenda Technology Co.,Ltd. Tenda CP3 Pro is an intelligent wireless PTZ camera that integrates 360° panoramic monitoring, 3-megapixel high-definition video, and Wi-Fi 6 network technology. It supports functions such as human/pet detection, crying detection, and one-click calling. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-52363 // JVNDB: JVNDB-2025-010716 // CNVD: CNVD-2025-16709

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-16709

AFFECTED PRODUCTS

vendor:tendamodel:cp3 proscope:eqversion:22.5.4.93

Trust: 1.0

vendor:tendamodel:cp3 proscope:eqversion:cp3 pro firmware 22.5.4.93

Trust: 0.8

vendor:tendamodel:cp3 proscope:eqversion: -

Trust: 0.8

vendor:tendamodel:cp3 proscope: - version: -

Trust: 0.8

vendor:tendamodel:cp3 proscope:eqversion:v22.5.4.93

Trust: 0.6

sources: CNVD: CNVD-2025-16709 // JVNDB: JVNDB-2025-010716 // NVD: CVE-2025-52363

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-52363
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-010716
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-16709
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-16709
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:C/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-52363
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 4.2
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-010716
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-16709 // JVNDB: JVNDB-2025-010716 // NVD: CVE-2025-52363

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype:Use hard-coded credentials (CWE-798) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-010716 // NVD: CVE-2025-52363

EXTERNAL IDS

db:NVDid:CVE-2025-52363

Trust: 3.2

db:JVNDBid:JVNDB-2025-010716

Trust: 0.8

db:CNVDid:CNVD-2025-16709

Trust: 0.6

sources: CNVD: CNVD-2025-16709 // JVNDB: JVNDB-2025-010716 // NVD: CVE-2025-52363

REFERENCES

url:https://cybermaya.in/posts/post-39/

Trust: 1.8

url:https://www.tendacn.com/product/download/cp3pro.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2025-52363

Trust: 0.8

sources: CNVD: CNVD-2025-16709 // JVNDB: JVNDB-2025-010716 // NVD: CVE-2025-52363

SOURCES

db:CNVDid:CNVD-2025-16709
db:JVNDBid:JVNDB-2025-010716
db:NVDid:CVE-2025-52363

LAST UPDATE DATE

2025-08-10T23:16:22.643000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-16709date:2025-07-24T00:00:00
db:JVNDBid:JVNDB-2025-010716date:2025-08-05T08:01:00
db:NVDid:CVE-2025-52363date:2025-08-02T01:36:30.260

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-16709date:2025-07-24T00:00:00
db:JVNDBid:JVNDB-2025-010716date:2025-08-05T00:00:00
db:NVDid:CVE-2025-52363date:2025-07-14T18:15:23.400