ID

VAR-202508-2044


CVE

CVE-2025-9091


TITLE

Hardcoded password usage vulnerability in Shenzhen Tenda Technology Co., Ltd. AC20 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-012082

DESCRIPTION

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The AC20 firmware from Shenzhen Tenda Technology Co., Ltd. contains vulnerabilities related to the use of hard-coded passwords and the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda AC20 is a home router released by Tenda. The Tenda AC20 suffers from a hardcoded credential vulnerability caused by hardcoded credentials in the /etc_ro/shadow file. This vulnerability could be exploited to compromise confidentiality

Trust: 2.16

sources: NVD: CVE-2025-9091 // JVNDB: JVNDB-2025-012082 // CNVD: CNVD-2025-24482

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-24482

AFFECTED PRODUCTS

vendor: tenda, model: ac20, scope: eq, version: 16.03.08.12

Trust: 1.6

vendor: tenda, model: ac20, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: ac20, scope: eq, version: ac20 firmware 16.03.08.12

Trust: 0.8

vendor: tenda, model: ac20, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2025-24482 // JVNDB: JVNDB-2025-012082 // NVD: CVE-2025-9091

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-9091
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-9091
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-012082
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-24482
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-9091
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-012082
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-24482
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-9091
baseSeverity: LOW
baseScore: 2.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-9091
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-012082
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-24482 // JVNDB: JVNDB-2025-012082 // NVD: CVE-2025-9091 // NVD: CVE-2025-9091

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype:CWE-259

Trust: 1.0

problemtype:Using hardcoded passwords (CWE-259) [ others ]

Trust: 0.8

problemtype: Use hard-coded credentials (CWE-798) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-012082 // NVD: CVE-2025-9091

EXTERNAL IDS

db: NVD, id: CVE-2025-9091

Trust: 3.2

db: VULDB, id: 320359

Trust: 1.8

db: JVNDB, id: JVNDB-2025-012082

Trust: 0.8

db: CNVD, id: CNVD-2025-24482

Trust: 0.6

sources: CNVD: CNVD-2025-24482 // JVNDB: JVNDB-2025-012082 // NVD: CVE-2025-9091

REFERENCES

url:https://github.com/zz2266/.github.io/blob/main/ac20/hardcoded%20password/readme.md#description

Trust: 2.4

url:https://github.com/zz2266/.github.io/tree/main/ac20/hardcoded%20password/readme.md

Trust: 1.8

url:https://vuldb.com/?id.320359

Trust: 1.8

url:https://vuldb.com/?submit.632268

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://github.com/zz2266/.github.io/blob/main/ac20/hardcoded%20password/readme.md

Trust: 1.8

url:https://vuldb.com/?ctiid.320359

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-9091

Trust: 0.8

sources: CNVD: CNVD-2025-24482 // JVNDB: JVNDB-2025-012082 // NVD: CVE-2025-9091

SOURCES

db: CNVD, id: CNVD-2025-24482
db: JVNDB, id: JVNDB-2025-012082
db: NVD, id: CVE-2025-9091

LAST UPDATE DATE

2025-11-19T23:25:00.661000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-24482, date: 2025-10-22T00:00:00
db: JVNDB, id: JVNDB-2025-012082, date: 2025-08-22T06:01:00
db: NVD, id: CVE-2025-9091, date: 2025-08-21T16:10:43.800

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-24482, date: 2025-10-21T00:00:00
db: JVNDB, id: JVNDB-2025-012082, date: 2025-08-22T00:00:00
db: NVD, id: CVE-2025-9091, date: 2025-08-17T03:15:27.650