Details of VAR-202508-2714

ID

VAR-202508-2714

CVE

CVE-2025-52054

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC8 Authentication vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-013560

DESCRIPTION

An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string and the last two octets of the MAC address of the device. This allows an unauthenticated attacker to authenticate with network services on the device. Shenzhen Tenda Technology Co.,Ltd. of AC8 An authentication vulnerability exists in firmware.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2025-52054 // JVNDB: JVNDB-2025-013560

AFFECTED PRODUCTS

vendor:	tenda	model:	ac8	scope:	lte	version:	16.03.33.05	Trust: 1.0
vendor:	tenda	model:	ac8	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac8	scope:	lte	version:	ac8 firmware 16.03.33.05 and earlier	Trust: 0.8
vendor:	tenda	model:	ac8	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-013560 // NVD: CVE-2025-52054

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-52054
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-013560
value:	MEDIUM
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-52054
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-013560
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-013560 // NVD: CVE-2025-52054

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-013560 // NVD: CVE-2025-52054

EXTERNAL IDS

db:	NVD	id:	CVE-2025-52054	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-013560	Trust: 0.8

sources: JVNDB: JVNDB-2025-013560 // NVD: CVE-2025-52054

REFERENCES

url:	https://www.virtualhackinglabs.com/advisories/cve-2025-52054-tenda-ac8-calculated-root-password/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-52054	Trust: 0.8

sources: JVNDB: JVNDB-2025-013560 // NVD: CVE-2025-52054

SOURCES

db:	JVNDB	id:	JVNDB-2025-013560
db:	NVD	id:	CVE-2025-52054

LAST UPDATE DATE

2025-09-11T23:28:38.228000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-013560	date:	2025-09-10T06:16:00
db:	NVD	id:	CVE-2025-52054	date:	2025-09-09T18:42:20.370

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-013560	date:	2025-09-10T00:00:00
db:	NVD	id:	CVE-2025-52054	date:	2025-08-28T15:16:00.917