ID

VAR-202509-0004


CVE

CVE-2025-9778


TITLE

Vulnerability related to use of hardcoded credentials in Shenzhen Tenda Technology Co.,Ltd. W12 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-013160

DESCRIPTION

A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). It affects an unknown function of the file /etc_ro/shadow in the Administrative Interface component. The manipulation leads to hard-coded credentials. The attack must be carried out locally. The attack complexity is rather high, and exploitation is said to be difficult. The exploit has been disclosed publicly and may be used. The W12 firmware from Shenzhen Tenda Technology Co.,Ltd. contains a vulnerability related to the use of hardcoded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda W12 is a dual-band gigabit wireless panel access point (AP) from Tenda Technology, designed for scenarios such as hotels, villas, and large apartments. It supports the IEEE 802.11ac protocol and the Wave2 standard, and boasts a dual-band concurrent speed of 1167Mbps. Attackers can exploit this vulnerability to obtain sensitive information.

Trust: 2.16

sources: NVD: CVE-2025-9778 // JVNDB: JVNDB-2025-013160 // CNVD: CNVD-2025-28848

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-28848

AFFECTED PRODUCTS

vendor: tenda, model: w12, scope: eq, version: 3.0.0.6(3948)

Trust: 1.0

vendor: tenda, model: w12, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: w12, scope: eq, version: w12 firmware 3.0.0.6(3948)

Trust: 0.8

vendor: tenda, model: w12, scope: -, version: -

Trust: 0.8

vendor: jixiang tengda, model: w12, scope: lte, version: <=123.0.0.63948

Trust: 0.6

vendor: tenda, model: w12, scope: lte, version: <=3.0.0.6(3948)

Trust: 0.6

sources: CNVD: CNVD-2025-28848 // JVNDB: JVNDB-2025-013160 // NVD: CVE-2025-9778

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-9778
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-9778
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-013160
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-28848
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-9778
severity: LOW
baseScore: 0.8
vectorString: AV:L/AC:H/AU:M/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-013160
severity: LOW
baseScore: 0.8
vectorString: AV:L/AC:H/AU:M/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-28848
severity: LOW
baseScore: 0.8
vectorString: AV:L/AC:H/AU:M/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-9778
baseSeverity: LOW
baseScore: 1.9
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-9778
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-013160
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-28848 // JVNDB: JVNDB-2025-013160 // NVD: CVE-2025-9778 // NVD: CVE-2025-9778

PROBLEMTYPE DATA

problemtype:CWE-259

Trust: 1.0

problemtype:CWE-798

Trust: 1.0

problemtype:Using hardcoded passwords (CWE-259) [ others ]

Trust: 0.8

problemtype: Use hard-coded credentials (CWE-798) [NVD evaluation ]

Trust: 0.8

problemtype: Use hard-coded credentials (CWE-798) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-013160 // NVD: CVE-2025-9778

EXTERNAL IDS

db: NVD, id: CVE-2025-9778

Trust: 3.2

db: VULDB, id: 322080

Trust: 1.8

db: JVNDB, id: JVNDB-2025-013160

Trust: 0.8

db: CNVD, id: CNVD-2025-28848

Trust: 0.6

sources: CNVD: CNVD-2025-28848 // JVNDB: JVNDB-2025-013160 // NVD: CVE-2025-9778

REFERENCES

url:https://vuldb.com/?id.322080

Trust: 1.8

url:https://vuldb.com/?submit.640969

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-9778

Trust: 1.4

url:https://vuldb.com/?ctiid.322080

Trust: 1.0

url:https://github.com/august829/yu/blob/main/58ead8e7e08bfb0e8.md

Trust: 1.0

url:https://github.com/august829/yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce

Trust: 1.0

sources: CNVD: CNVD-2025-28848 // JVNDB: JVNDB-2025-013160 // NVD: CVE-2025-9778

SOURCES

db: CNVD, id: CNVD-2025-28848
db: JVNDB, id: JVNDB-2025-013160
db: NVD, id: CVE-2025-9778

LAST UPDATE DATE

2025-11-25T00:05:03.112000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-28848, date: 2025-11-20T00:00:00
db: JVNDB, id: JVNDB-2025-013160, date: 2025-09-05T09:32:00
db: NVD, id: CVE-2025-9778, date: 2025-09-04T16:19:21.700

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-28848, date: 2025-11-19T00:00:00
db: JVNDB, id: JVNDB-2025-013160, date: 2025-09-05T00:00:00
db: NVD, id: CVE-2025-9778, date: 2025-09-01T12:15:32.180