Sign-up

ID

VAR-202508-2475


CVE

CVE-2025-9731


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Hardcoded password usage vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-013093

DESCRIPTION

A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. Shenzhen Tenda Technology Co.,Ltd. of AC9 The firmware contains vulnerabilities related to the use of hard-coded passwords and vulnerabilities related to the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to compromise confidentiality

Trust: 2.16

sources: NVD: CVE-2025-9731 // JVNDB: JVNDB-2025-013093 // CNVD: CNVD-2025-20273

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20273

AFFECTED PRODUCTS

vendor:tendamodel:ac9scope:eqversion:15.03.05.19

Trust: 1.6

vendor:tendamodel:ac9scope:eqversion:ac9 firmware 15.03.05.19

Trust: 0.8

vendor:tendamodel:ac9scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac9scope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2025-20273 // JVNDB: JVNDB-2025-013093 // NVD: CVE-2025-9731

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-9731
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-9731
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-013093
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-20273
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-9731
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-013093
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-20273
severity: LOW
baseScore: 1.0
vectorString: AV:L/AC:H/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-9731
baseSeverity: LOW
baseScore: 2.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-9731
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-013093
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20273 // JVNDB: JVNDB-2025-013093 // NVD: CVE-2025-9731 // NVD: CVE-2025-9731

PROBLEMTYPE DATA

problemtype:CWE-259

Trust: 1.0

problemtype:CWE-798

Trust: 1.0

problemtype:Using hardcoded passwords (CWE-259) [ others ]

Trust: 0.8

problemtype: Use hard-coded credentials (CWE-798) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-013093 // NVD: CVE-2025-9731

EXTERNAL IDS

db:NVDid:CVE-2025-9731

Trust: 3.2

db:VULDBid:322022

Trust: 1.8

db:JVNDBid:JVNDB-2025-013093

Trust: 0.8

db:CNVDid:CNVD-2025-20273

Trust: 0.6

sources: CNVD: CNVD-2025-20273 // JVNDB: JVNDB-2025-013093 // NVD: CVE-2025-9731

REFERENCES

url:https://github.com/august829/yu/blob/main/58ead8e7e08bfb0e4.md

Trust: 1.8

url:https://vuldb.com/?id.322022

Trust: 1.8

url:https://vuldb.com/?submit.639748

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-9731

Trust: 1.4

url:https://vuldb.com/?ctiid.322022

Trust: 1.0

sources: CNVD: CNVD-2025-20273 // JVNDB: JVNDB-2025-013093 // NVD: CVE-2025-9731

SOURCES

db:CNVDid:CNVD-2025-20273
db:JVNDBid:JVNDB-2025-013093
db:NVDid:CVE-2025-9731

LAST UPDATE DATE

2025-09-10T23:43:17.308000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-20273date:2025-09-04T00:00:00
db:JVNDBid:JVNDB-2025-013093date:2025-09-05T07:36:00
db:NVDid:CVE-2025-9731date:2025-09-04T16:49:00.897

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-20273date:2025-09-04T00:00:00
db:JVNDBid:JVNDB-2025-013093date:2025-09-05T00:00:00
db:NVDid:CVE-2025-9731date:2025-08-31T14:15:31.413