Sign-up

ID

VAR-202509-0137


CVE

CVE-2025-9806


DESCRIPTION

A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.

Trust: 1.0

sources: NVD: CVE-2025-9806

AFFECTED PRODUCTS

vendor:tendamodel:fh1202scope:eqversion:1.2.0.9

Trust: 1.0

vendor:tendamodel:fh1202scope:eqversion:1.2.0.20

Trust: 1.0

vendor:tendamodel:fh1202scope:eqversion:1.2.0.14

Trust: 1.0

sources: NVD: CVE-2025-9806

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-9806
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-9806
value: MEDIUM

Trust: 1.0

cna@vuldb.com: CVE-2025-9806
severity: LOW
baseScore: 0.8
vectorString: AV:L/AC:H/AU:M/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

cna@vuldb.com: CVE-2025-9806
baseSeverity: LOW
baseScore: 1.9
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-9806
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-9806 // NVD: CVE-2025-9806

PROBLEMTYPE DATA

problemtype:CWE-259

Trust: 1.0

problemtype:CWE-798

Trust: 1.0

sources: NVD: CVE-2025-9806

EXTERNAL IDS

db:VULDBid:322130

Trust: 1.0

db:NVDid:CVE-2025-9806

Trust: 1.0

sources: NVD: CVE-2025-9806

REFERENCES

url:https://github.com/august829/yu/blob/main/58ead8e7e08bfb0e9.md#steps-to-reproduce

Trust: 1.0

url:https://vuldb.com/?id.322130

Trust: 1.0

url:https://github.com/august829/yu/blob/main/58ead8e7e08bfb0e9.md

Trust: 1.0

url:https://www.tenda.com.cn/

Trust: 1.0

url:https://vuldb.com/?submit.640980

Trust: 1.0

url:https://vuldb.com/?ctiid.322130

Trust: 1.0

sources: NVD: CVE-2025-9806

SOURCES

db:NVDid:CVE-2025-9806

LAST UPDATE DATE

2025-11-18T15:32:26.461000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-9806date:2025-10-21T13:42:28.893

SOURCES RELEASE DATE

db:NVDid:CVE-2025-9806date:2025-09-02T01:15:30.957