ID
CVE
TITLE
Shenzhen Tenda Technology Co.,Ltd. of AC18 Weak password requirement vulnerability in firmware
sources:
JVNDB: JVNDB-2025-010652
DESCRIPTION
A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd
sources:
NVD: CVE-2025-8182 //
JVNDB: JVNDB-2025-010652
AFFECTED PRODUCTS
| vendor: | tenda | model: | ac18 | scope: | eq | version: | 15.03.05.19 | |
| vendor: | tenda | model: | ac18 | scope: | eq | version: | - | |
| vendor: | tenda | model: | ac18 | scope: | eq | version: | ac18 firmware 15.03.05.19 | |
| vendor: | tenda | model: | ac18 | scope: | - | version: | - | |
sources:
JVNDB: JVNDB-2025-010652 //
NVD: CVE-2025-8182
CVSS
SEVERITY | CVSSV2 | CVSSV3 |
| cna@vuldb.com: | CVE-2025-8182 | |
|
| value: | LOW | | | nvd@nist.gov: | CVE-2025-8182 | |
|
| value: | HIGH | | | OTHER: | JVNDB-2025-010652 | |
|
| value: | HIGH | |
| | cna@vuldb.com: | CVE-2025-8182 | |
|
| severity: | MEDIUM | | baseScore: | 5.1 | | vectorString: | AV:N/AC:H/AU:N/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | HIGH | | authentication: | NONE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | 4.9 | | impactScore: | 6.4 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | OTHER: | JVNDB-2025-010652 | |
|
| severity: | MEDIUM | | baseScore: | 5.1 | | vectorString: | AV:N/AC:H/AU:N/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | HIGH | | authentication: | NONE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | NONE | | impactScore: | NONE | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | |
| | cna@vuldb.com: | CVE-2025-8182 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 5.6 | | vectorString: | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | | attackVector: | NETWORK | | attackComplexity: | HIGH | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | LOW | | integrityImpact: | LOW | | availabilityImpact: | LOW | | exploitabilityScore: | 2.2 | | impactScore: | 3.4 | | version: | 3.1 | | | nvd@nist.gov: | CVE-2025-8182 | |
|
| baseSeverity: | HIGH | | baseScore: | 7.4 | | vectorString: | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | | attackVector: | NETWORK | | attackComplexity: | HIGH | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | NONE | | exploitabilityScore: | 2.2 | | impactScore: | 5.2 | | version: | 3.1 | | | NVD: | JVNDB-2025-010652 | |
|
| baseSeverity: | HIGH | | baseScore: | 7.4 | | vectorString: | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | | attackVector: | NETWORK | | attackComplexity: | HIGH | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | NONE | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | |
|
sources:
JVNDB: JVNDB-2025-010652 //
NVD: CVE-2025-8182 //
NVD: CVE-2025-8182
PROBLEMTYPE DATA
| problemtype: | CWE-521 | |
| problemtype: | Weak password request (CWE-521) [ others ] | |
sources:
JVNDB: JVNDB-2025-010652 //
NVD: CVE-2025-8182
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-8182 | |
| db: | VULDB | id: | 317596 | |
| db: | JVNDB | id: | JVNDB-2025-010652 | |
sources:
JVNDB: JVNDB-2025-010652 //
NVD: CVE-2025-8182
REFERENCES
| url: | https://vuldb.com/?id.317596 | |
| url: | https://vuldb.com/?submit.621977 | |
| url: | https://www.notion.so/23a54a1113e7802abfabf1275a555f48 | |
| url: | https://www.tenda.com.cn/ | |
| url: | https://vuldb.com/?ctiid.317596 | |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-8182 | |
sources:
JVNDB: JVNDB-2025-010652 //
NVD: CVE-2025-8182
SOURCES
| db: | JVNDB | id: | JVNDB-2025-010652 |
| db: | NVD | id: | CVE-2025-8182 |
LAST UPDATE DATE
2025-08-06T23:19:01.004000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2025-010652 | date: | 2025-08-05T07:04:00 |
| db: | NVD | id: | CVE-2025-8182 | date: | 2025-08-01T20:05:29.587 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2025-010652 | date: | 2025-08-05T00:00:00 |
| db: | NVD | id: | CVE-2025-8182 | date: | 2025-07-26T09:15:26.730 |
