Details of VAR-202603-3180

ID

VAR-202603-3180

CVE

CVE-2025-70798

TITLE

Shenzhen Tenda Technology Co.,Ltd. of i24 Hardcoded password usage vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-010780

DESCRIPTION

Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-70798 // JVNDB: JVNDB-2026-010780

AFFECTED PRODUCTS

vendor:	tenda	model:	i24	scope:	eq	version:	3.0.0.5	Trust: 1.0
vendor:	tenda	model:	i24	scope:	eq	version:	i24 firmware 3.0.0.5	Trust: 0.8
vendor:	tenda	model:	i24	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	i24	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-010780 // NVD: CVE-2025-70798

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-70798
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-010780
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-70798
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-010780
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-010780 // NVD: CVE-2025-70798

PROBLEMTYPE DATA

problemtype:	CWE-259	Trust: 1.0
problemtype:	Using hardcoded passwords (CWE-259) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-010780 // NVD: CVE-2025-70798

PATCH

title:

vuln/Tenda/i24V3.0si_V3.0.0.5/report-1.md at main vuln-1/vuln GitHub

url:

https://github.com/vuln-1/vuln/blob/main/Tenda/i24V3.0si_V3.0.0.5/report-1.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-010780

EXTERNAL IDS

db:	NVD	id:	CVE-2025-70798	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-010780	Trust: 0.8

sources: JVNDB: JVNDB-2026-010780 // NVD: CVE-2025-70798

REFERENCES

url:	https://www.tendacn.com/	Trust: 1.8
url:	https://github.com/vuln-1/vuln/blob/main/tenda/i24v3.0si_v3.0.0.5/report-1.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-70798	Trust: 0.8

sources: JVNDB: JVNDB-2026-010780 // NVD: CVE-2025-70798

SOURCES

db:	JVNDB	id:	JVNDB-2026-010780
db:	NVD	id:	CVE-2025-70798

LAST UPDATE DATE

2026-04-14T23:45:51.881000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-010780	date:	2026-04-13T03:22:00
db:	NVD	id:	CVE-2025-70798	date:	2026-04-09T20:27:36.003

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-010780	date:	2026-04-13T00:00:00
db:	NVD	id:	CVE-2025-70798	date:	2026-03-10T21:16:42.233