Tenda i24 Shadow File hard-coded credentials_CVE-2025-15371

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

AI Analysis

AI processing failed - no valid JSON found

Basic Information

ID CVE-2025-15371

Source VulDB

Published Dec 31, 2025 at 01:02

Affected Product

Vendor Tenda

Product i24

Version 1.0.0.35

Affected Versions Tenda i24 1.0.0.35
Tenda i24 3.0.0.8(4008)
Tenda i24 04.03.01.49
Tenda i24 04.05.01.15
Tenda i24 04.08.01.28
Tenda i24 16.01.8.5
Tenda i24 65.10.15.6
Tenda 4G03 Pro 1.0.0.35
Tenda 4G03 Pro 3.0.0.8(4008)
Tenda 4G03 Pro 04.03.01.49
Tenda 4G03 Pro 04.05.01.15
Tenda 4G03 Pro 04.08.01.28
Tenda 4G03 Pro 16.01.8.5
Tenda 4G03 Pro 65.10.15.6
Tenda 4G05 1.0.0.35
Tenda 4G05 3.0.0.8(4008)
Tenda 4G05 04.03.01.49
Tenda 4G05 04.05.01.15
Tenda 4G05 04.08.01.28
Tenda 4G05 16.01.8.5
Tenda 4G05 65.10.15.6
Tenda 4G08 1.0.0.35
Tenda 4G08 3.0.0.8(4008)
Tenda 4G08 04.03.01.49
Tenda 4G08 04.05.01.15
Tenda 4G08 04.08.01.28
Tenda 4G08 16.01.8.5
Tenda 4G08 65.10.15.6
Tenda G0-8G-PoE 1.0.0.35
Tenda G0-8G-PoE 3.0.0.8(4008)
Tenda G0-8G-PoE 04.03.01.49
Tenda G0-8G-PoE 04.05.01.15
Tenda G0-8G-PoE 04.08.01.28
Tenda G0-8G-PoE 16.01.8.5
Tenda G0-8G-PoE 65.10.15.6
Tenda Nova MW5G 1.0.0.35
Tenda Nova MW5G 3.0.0.8(4008)
Tenda Nova MW5G 04.03.01.49
Tenda Nova MW5G 04.05.01.15
Tenda Nova MW5G 04.08.01.28
Tenda Nova MW5G 16.01.8.5
Tenda Nova MW5G 65.10.15.6
Tenda TEG5328F 1.0.0.35
Tenda TEG5328F 3.0.0.8(4008)
Tenda TEG5328F 04.03.01.49
Tenda TEG5328F 04.05.01.15
Tenda TEG5328F 04.08.01.28
Tenda TEG5328F 16.01.8.5
Tenda TEG5328F 65.10.15.6

CWE Classification

CWE-798 CWE-259

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.",
    "published": "2025-12-31T01:02:06.989Z",
    "modified": "2025-12-31T01:02:06.989Z",
    "type": "cve",
    "title": "Tenda i24 Shadow File hard-coded credentials",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.339075\nhttps://vuldb.com/?ctiid.339075\nhttps://vuldb.com/?submit.727155\nhttps://vuldb.com/?submit.727283\nhttps://vuldb.com/?submit.727284\nhttps://vuldb.com/?submit.727285\nhttps://vuldb.com/?submit.727302\nhttps://vuldb.com/?submit.727305\nhttps://vuldb.com/?submit.727306\nhttps://github.com/vuln-1/vuln/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-15371",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798",
        "CWE-259"
    ],
    "cvelist": null,
    "sourceData": "Tenda i24 1.0.0.35\nTenda i24 3.0.0.8(4008)\nTenda i24 04.03.01.49\nTenda i24 04.05.01.15\nTenda i24 04.08.01.28\nTenda i24 16.01.8.5\nTenda i24 65.10.15.6\nTenda 4G03 Pro 1.0.0.35\nTenda 4G03 Pro 3.0.0.8(4008)\nTenda 4G03 Pro 04.03.01.49\nTenda 4G03 Pro 04.05.01.15\nTenda 4G03 Pro 04.08.01.28\nTenda 4G03 Pro 16.01.8.5\nTenda 4G03 Pro 65.10.15.6\nTenda 4G05 1.0.0.35\nTenda 4G05 3.0.0.8(4008)\nTenda 4G05 04.03.01.49\nTenda 4G05 04.05.01.15\nTenda 4G05 04.08.01.28\nTenda 4G05 16.01.8.5\nTenda 4G05 65.10.15.6\nTenda 4G08 1.0.0.35\nTenda 4G08 3.0.0.8(4008)\nTenda 4G08 04.03.01.49\nTenda 4G08 04.05.01.15\nTenda 4G08 04.08.01.28\nTenda 4G08 16.01.8.5\nTenda 4G08 65.10.15.6\nTenda G0-8G-PoE 1.0.0.35\nTenda G0-8G-PoE 3.0.0.8(4008)\nTenda G0-8G-PoE 04.03.01.49\nTenda G0-8G-PoE 04.05.01.15\nTenda G0-8G-PoE 04.08.01.28\nTenda G0-8G-PoE 16.01.8.5\nTenda G0-8G-PoE 65.10.15.6\nTenda Nova MW5G 1.0.0.35\nTenda Nova MW5G 3.0.0.8(4008)\nTenda Nova MW5G 04.03.01.49\nTenda Nova MW5G 04.05.01.15\nTenda Nova MW5G 04.08.01.28\nTenda Nova MW5G 16.01.8.5\nTenda Nova MW5G 65.10.15.6\nTenda TEG5328F 1.0.0.35\nTenda TEG5328F 3.0.0.8(4008)\nTenda TEG5328F 04.03.01.49\nTenda TEG5328F 04.05.01.15\nTenda TEG5328F 04.08.01.28\nTenda TEG5328F 16.01.8.5\nTenda TEG5328F 65.10.15.6",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "i24",
    "version": "1.0.0.35",
    "vendor": "Tenda",
    "ai_description": "AI processing failed - no valid JSON found",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}