Sign-up

ID

VAR-202508-2151


CVE

CVE-2025-9309


DESCRIPTION

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used.

Trust: 1.0

sources: NVD: CVE-2025-9309

AFFECTED PRODUCTS

vendor:tendamodel:ac10scope:eqversion:16.03.10.13

Trust: 1.0

sources: NVD: CVE-2025-9309

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-9309
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-9309
value: HIGH

Trust: 1.0

cna@vuldb.com: CVE-2025-9309
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

cna@vuldb.com: CVE-2025-9309
baseSeverity: LOW
baseScore: 2.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-9309
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-9309 // NVD: CVE-2025-9309

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype:CWE-259

Trust: 1.0

sources: NVD: CVE-2025-9309

EXTERNAL IDS

db:VULDBid:320914

Trust: 1.0

db:NVDid:CVE-2025-9309

Trust: 1.0

sources: NVD: CVE-2025-9309

REFERENCES

url:https://github.com/xxricardo/iot-cve/blob/main/tenda/ac10/v4.0si_v16.03.10.13.md#steps-to-reproduce

Trust: 1.0

url:https://github.com/xxricardo/iot-cve/blob/main/tenda/ac10/v4.0si_v16.03.10.13.md

Trust: 1.0

url:https://vuldb.com/?ctiid.320914

Trust: 1.0

url:https://vuldb.com/?submit.633585

Trust: 1.0

url:https://www.tenda.com.cn/

Trust: 1.0

url:https://vuldb.com/?id.320914

Trust: 1.0

sources: NVD: CVE-2025-9309

SOURCES

db:NVDid:CVE-2025-9309

LAST UPDATE DATE

2025-08-25T23:39:08.263000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-9309date:2025-08-25T02:02:44.787

SOURCES RELEASE DATE

db:NVDid:CVE-2025-9309date:2025-08-21T17:15:33.277