Details of VAR-202603-4092

ID

VAR-202603-4092

CVE

CVE-2025-70802

TITLE

Shenzhen Tenda Technology Co.,Ltd. of G1 Hardcoded password usage vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-010779

DESCRIPTION

Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-70802 // JVNDB: JVNDB-2026-010779

AFFECTED PRODUCTS

vendor:	tenda	model:	g1	scope:	eq	version:	16.01.7.8	Trust: 1.0
vendor:	tenda	model:	g1	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	g1	scope:	eq	version:	g1 firmware 16.01.7.8	Trust: 0.8
vendor:	tenda	model:	g1	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-010779 // NVD: CVE-2025-70802

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-70802
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-010779
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-70802
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-010779
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-010779 // NVD: CVE-2025-70802

PROBLEMTYPE DATA

problemtype:	CWE-259	Trust: 1.0
problemtype:	Using hardcoded passwords (CWE-259) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-010779 // NVD: CVE-2025-70802

PATCH

title:

vuln/Tenda/G1V3.1si_V16.01.7.8/report-1.md at main vuln-1/vuln GitHub

url:

https://github.com/vuln-1/vuln/blob/main/Tenda/G1V3.1si_V16.01.7.8/report-1.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-010779

EXTERNAL IDS

db:	NVD	id:	CVE-2025-70802	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-010779	Trust: 0.8

sources: JVNDB: JVNDB-2026-010779 // NVD: CVE-2025-70802

REFERENCES

url:	https://www.tendacn.com/	Trust: 1.8
url:	https://github.com/vuln-1/vuln/blob/main/tenda/g1v3.1si_v16.01.7.8/report-1.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-70802	Trust: 0.8

sources: JVNDB: JVNDB-2026-010779 // NVD: CVE-2025-70802

SOURCES

db:	JVNDB	id:	JVNDB-2026-010779
db:	NVD	id:	CVE-2025-70802

LAST UPDATE DATE

2026-04-14T23:52:43.443000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-010779	date:	2026-04-13T03:22:00
db:	NVD	id:	CVE-2025-70802	date:	2026-04-09T20:27:54.323

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-010779	date:	2026-04-13T00:00:00
db:	NVD	id:	CVE-2025-70802	date:	2026-03-10T21:16:42.367