Common Weakness Enumeration

CWE-259

Allowed

Use of Hard-coded Password

Abstraction: Variant · Status: Draft

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

315 vulnerabilities reference this CWE, most recent first.

CVE-2025-13252 (GCVE-0-2025-13252)

Vulnerability from cvelistv5 – Published: 2025-11-16 23:02 – Updated: 2025-11-17 18:41
VLAI
Title
shsuishang ShopSuite ModulithShop RSA/OAuth2/Database hard-coded credentials
Summary
A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Hard-coded Credentials
  • CWE-259 - Use of Hard-coded Password
Assigner
References
Impacted products
Vendor Product Version
shsuishang ShopSuite ModulithShop Affected: 45a99398cec3b7ad7ff9383694f0b53339f2d35a
Create a notification for this product.
Credits
ez-lbz (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13252",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-17T18:40:29.182816Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-17T18:41:06.687Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "RSA/OAuth2/Database"
          ],
          "product": "ShopSuite ModulithShop",
          "vendor": "shsuishang",
          "versions": [
            {
              "status": "affected",
              "version": "45a99398cec3b7ad7ff9383694f0b53339f2d35a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ez-lbz (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable."
        },
        {
          "lang": "de",
          "value": "In shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a ist eine Schwachstelle entdeckt worden. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente RSA/OAuth2/Database. Durch die Manipulation mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-16T23:02:05.790Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-332587 | shsuishang ShopSuite ModulithShop RSA/OAuth2/Database hard-coded credentials",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.332587"
        },
        {
          "name": "VDB-332587 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.332587"
        },
        {
          "name": "Submit #687685 | shsuishang modulithshop v1.0.0 Hardcoded Secrets and Credentials",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.687685"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/shsuishang/modulithshop/issues/2"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/shsuishang/modulithshop/issues/2#issue-3580272472"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-16T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-11-16T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-11-16T11:38:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "shsuishang ShopSuite ModulithShop RSA/OAuth2/Database hard-coded credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-13252",
    "datePublished": "2025-11-16T23:02:05.790Z",
    "dateReserved": "2025-11-16T10:33:44.251Z",
    "dateUpdated": "2025-11-17T18:41:06.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12676 (GCVE-0-2025-12676)

Vulnerability from cvelistv5 – Published: 2025-11-05 07:27 – Updated: 2026-04-08 17:12
VLAI
Title
KiotViet Sync <= 1.8.5 - Use of Hard-coded Password to Authorization Bypass
Summary
The KiotViet Sync plugin for WordPress is vulnerable to authorizarion bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the QueryControllerAdmin::authenticated function. This makes it possible for unauthenticated attackers to create and sync products.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-259 - Use of Hard-coded Password
Assigner
Impacted products
Vendor Product Version
mykiot KiotViet Sync Affected: 0 , ≤ 1.8.5 (semver)
Create a notification for this product.
Credits
Kenneth Dunn
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12676",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-05T14:20:31.675546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-05T14:20:41.378Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "KiotViet Sync",
          "vendor": "mykiot",
          "versions": [
            {
              "lessThanOrEqual": "1.8.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Kenneth Dunn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The KiotViet Sync plugin for WordPress is vulnerable to authorizarion bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the QueryControllerAdmin::authenticated function. This makes it possible for unauthenticated attackers to create and sync products."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259 Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:12:43.962Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2d7165b-1290-4032-8fbc-75ec1ab34a08?source=cve"
        },
        {
          "url": "https://wordpress.org/plugins/kiotvietsync/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-04T18:55:04.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "KiotViet Sync \u003c= 1.8.5 - Use of Hard-coded Password to Authorization Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-12676",
    "datePublished": "2025-11-05T07:27:56.492Z",
    "dateReserved": "2025-11-03T22:02:11.284Z",
    "dateUpdated": "2026-04-08T17:12:43.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11666 (GCVE-0-2025-11666)

Vulnerability from cvelistv5 – Published: 2025-10-13 07:02 – Updated: 2025-10-14 15:03
VLAI
Title
Tenda RP3 Pro Firmware Update force_upgrade.sh hard-coded password
Summary
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed locally. The exploit has been published and may be used.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-259 - Use of Hard-coded Password
  • CWE-255 - Credentials Management
Assigner
References
URL Tags
https://vuldb.com/?id.328085 vdb-entrytechnical-description
https://vuldb.com/?ctiid.328085 signaturepermissions-required
https://vuldb.com/?submit.673128 third-party-advisory
https://github.com/IOTRes/IOT_Firmware_Update/blo… exploitpatch
https://www.tenda.com.cn/ product
Impacted products
Vendor Product Version
Tenda RP3 Pro Affected: 22.5.7.0
Affected: 22.5.7.1
Affected: 22.5.7.2
Affected: 22.5.7.3
Affected: 22.5.7.4
Affected: 22.5.7.5
Affected: 22.5.7.6
Affected: 22.5.7.7
Affected: 22.5.7.8
Affected: 22.5.7.9
Affected: 22.5.7.10
Affected: 22.5.7.11
Affected: 22.5.7.12
Affected: 22.5.7.13
Affected: 22.5.7.14
Affected: 22.5.7.15
Affected: 22.5.7.16
Affected: 22.5.7.17
Affected: 22.5.7.18
Affected: 22.5.7.19
Affected: 22.5.7.20
Affected: 22.5.7.21
Affected: 22.5.7.22
Affected: 22.5.7.23
Affected: 22.5.7.24
Affected: 22.5.7.25
Affected: 22.5.7.26
Affected: 22.5.7.27
Affected: 22.5.7.28
Affected: 22.5.7.29
Affected: 22.5.7.30
Affected: 22.5.7.31
Affected: 22.5.7.32
Affected: 22.5.7.33
Affected: 22.5.7.34
Affected: 22.5.7.35
Affected: 22.5.7.36
Affected: 22.5.7.37
Affected: 22.5.7.38
Affected: 22.5.7.39
Affected: 22.5.7.40
Affected: 22.5.7.41
Affected: 22.5.7.42
Affected: 22.5.7.43
Affected: 22.5.7.44
Affected: 22.5.7.45
Affected: 22.5.7.46
Affected: 22.5.7.47
Affected: 22.5.7.48
Affected: 22.5.7.49
Affected: 22.5.7.50
Affected: 22.5.7.51
Affected: 22.5.7.52
Affected: 22.5.7.53
Affected: 22.5.7.54
Affected: 22.5.7.55
Affected: 22.5.7.56
Affected: 22.5.7.57
Affected: 22.5.7.58
Affected: 22.5.7.59
Affected: 22.5.7.60
Affected: 22.5.7.61
Affected: 22.5.7.62
Affected: 22.5.7.63
Affected: 22.5.7.64
Affected: 22.5.7.65
Affected: 22.5.7.66
Affected: 22.5.7.67
Affected: 22.5.7.68
Affected: 22.5.7.69
Affected: 22.5.7.70
Affected: 22.5.7.71
Affected: 22.5.7.72
Affected: 22.5.7.73
Affected: 22.5.7.74
Affected: 22.5.7.75
Affected: 22.5.7.76
Affected: 22.5.7.77
Affected: 22.5.7.78
Affected: 22.5.7.79
Affected: 22.5.7.80
Affected: 22.5.7.81
Affected: 22.5.7.82
Affected: 22.5.7.83
Affected: 22.5.7.84
Affected: 22.5.7.85
Affected: 22.5.7.86
Affected: 22.5.7.87
Affected: 22.5.7.88
Affected: 22.5.7.89
Affected: 22.5.7.90
Affected: 22.5.7.91
Affected: 22.5.7.92
Affected: 22.5.7.93
Create a notification for this product.
Credits
IOT_Res (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11666",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T15:02:57.658834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T15:03:06.353Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Firmware Update Handler"
          ],
          "product": "RP3 Pro",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "22.5.7.0"
            },
            {
              "status": "affected",
              "version": "22.5.7.1"
            },
            {
              "status": "affected",
              "version": "22.5.7.2"
            },
            {
              "status": "affected",
              "version": "22.5.7.3"
            },
            {
              "status": "affected",
              "version": "22.5.7.4"
            },
            {
              "status": "affected",
              "version": "22.5.7.5"
            },
            {
              "status": "affected",
              "version": "22.5.7.6"
            },
            {
              "status": "affected",
              "version": "22.5.7.7"
            },
            {
              "status": "affected",
              "version": "22.5.7.8"
            },
            {
              "status": "affected",
              "version": "22.5.7.9"
            },
            {
              "status": "affected",
              "version": "22.5.7.10"
            },
            {
              "status": "affected",
              "version": "22.5.7.11"
            },
            {
              "status": "affected",
              "version": "22.5.7.12"
            },
            {
              "status": "affected",
              "version": "22.5.7.13"
            },
            {
              "status": "affected",
              "version": "22.5.7.14"
            },
            {
              "status": "affected",
              "version": "22.5.7.15"
            },
            {
              "status": "affected",
              "version": "22.5.7.16"
            },
            {
              "status": "affected",
              "version": "22.5.7.17"
            },
            {
              "status": "affected",
              "version": "22.5.7.18"
            },
            {
              "status": "affected",
              "version": "22.5.7.19"
            },
            {
              "status": "affected",
              "version": "22.5.7.20"
            },
            {
              "status": "affected",
              "version": "22.5.7.21"
            },
            {
              "status": "affected",
              "version": "22.5.7.22"
            },
            {
              "status": "affected",
              "version": "22.5.7.23"
            },
            {
              "status": "affected",
              "version": "22.5.7.24"
            },
            {
              "status": "affected",
              "version": "22.5.7.25"
            },
            {
              "status": "affected",
              "version": "22.5.7.26"
            },
            {
              "status": "affected",
              "version": "22.5.7.27"
            },
            {
              "status": "affected",
              "version": "22.5.7.28"
            },
            {
              "status": "affected",
              "version": "22.5.7.29"
            },
            {
              "status": "affected",
              "version": "22.5.7.30"
            },
            {
              "status": "affected",
              "version": "22.5.7.31"
            },
            {
              "status": "affected",
              "version": "22.5.7.32"
            },
            {
              "status": "affected",
              "version": "22.5.7.33"
            },
            {
              "status": "affected",
              "version": "22.5.7.34"
            },
            {
              "status": "affected",
              "version": "22.5.7.35"
            },
            {
              "status": "affected",
              "version": "22.5.7.36"
            },
            {
              "status": "affected",
              "version": "22.5.7.37"
            },
            {
              "status": "affected",
              "version": "22.5.7.38"
            },
            {
              "status": "affected",
              "version": "22.5.7.39"
            },
            {
              "status": "affected",
              "version": "22.5.7.40"
            },
            {
              "status": "affected",
              "version": "22.5.7.41"
            },
            {
              "status": "affected",
              "version": "22.5.7.42"
            },
            {
              "status": "affected",
              "version": "22.5.7.43"
            },
            {
              "status": "affected",
              "version": "22.5.7.44"
            },
            {
              "status": "affected",
              "version": "22.5.7.45"
            },
            {
              "status": "affected",
              "version": "22.5.7.46"
            },
            {
              "status": "affected",
              "version": "22.5.7.47"
            },
            {
              "status": "affected",
              "version": "22.5.7.48"
            },
            {
              "status": "affected",
              "version": "22.5.7.49"
            },
            {
              "status": "affected",
              "version": "22.5.7.50"
            },
            {
              "status": "affected",
              "version": "22.5.7.51"
            },
            {
              "status": "affected",
              "version": "22.5.7.52"
            },
            {
              "status": "affected",
              "version": "22.5.7.53"
            },
            {
              "status": "affected",
              "version": "22.5.7.54"
            },
            {
              "status": "affected",
              "version": "22.5.7.55"
            },
            {
              "status": "affected",
              "version": "22.5.7.56"
            },
            {
              "status": "affected",
              "version": "22.5.7.57"
            },
            {
              "status": "affected",
              "version": "22.5.7.58"
            },
            {
              "status": "affected",
              "version": "22.5.7.59"
            },
            {
              "status": "affected",
              "version": "22.5.7.60"
            },
            {
              "status": "affected",
              "version": "22.5.7.61"
            },
            {
              "status": "affected",
              "version": "22.5.7.62"
            },
            {
              "status": "affected",
              "version": "22.5.7.63"
            },
            {
              "status": "affected",
              "version": "22.5.7.64"
            },
            {
              "status": "affected",
              "version": "22.5.7.65"
            },
            {
              "status": "affected",
              "version": "22.5.7.66"
            },
            {
              "status": "affected",
              "version": "22.5.7.67"
            },
            {
              "status": "affected",
              "version": "22.5.7.68"
            },
            {
              "status": "affected",
              "version": "22.5.7.69"
            },
            {
              "status": "affected",
              "version": "22.5.7.70"
            },
            {
              "status": "affected",
              "version": "22.5.7.71"
            },
            {
              "status": "affected",
              "version": "22.5.7.72"
            },
            {
              "status": "affected",
              "version": "22.5.7.73"
            },
            {
              "status": "affected",
              "version": "22.5.7.74"
            },
            {
              "status": "affected",
              "version": "22.5.7.75"
            },
            {
              "status": "affected",
              "version": "22.5.7.76"
            },
            {
              "status": "affected",
              "version": "22.5.7.77"
            },
            {
              "status": "affected",
              "version": "22.5.7.78"
            },
            {
              "status": "affected",
              "version": "22.5.7.79"
            },
            {
              "status": "affected",
              "version": "22.5.7.80"
            },
            {
              "status": "affected",
              "version": "22.5.7.81"
            },
            {
              "status": "affected",
              "version": "22.5.7.82"
            },
            {
              "status": "affected",
              "version": "22.5.7.83"
            },
            {
              "status": "affected",
              "version": "22.5.7.84"
            },
            {
              "status": "affected",
              "version": "22.5.7.85"
            },
            {
              "status": "affected",
              "version": "22.5.7.86"
            },
            {
              "status": "affected",
              "version": "22.5.7.87"
            },
            {
              "status": "affected",
              "version": "22.5.7.88"
            },
            {
              "status": "affected",
              "version": "22.5.7.89"
            },
            {
              "status": "affected",
              "version": "22.5.7.90"
            },
            {
              "status": "affected",
              "version": "22.5.7.91"
            },
            {
              "status": "affected",
              "version": "22.5.7.92"
            },
            {
              "status": "affected",
              "version": "22.5.7.93"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "IOT_Res (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed locally. The exploit has been published and may be used."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Tenda RP3 Pro up to 22.5.7.93 entdeckt. Betroffen davon ist eine unbekannte Funktion der Datei force_upgrade.sh der Komponente Firmware Update Handler. Durch das Beeinflussen des Arguments current_force_upgrade_pwd mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Der Angriff muss lokal durchgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-255",
              "description": "Credentials Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-13T07:02:07.269Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328085 | Tenda RP3 Pro Firmware Update force_upgrade.sh hard-coded password",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.328085"
        },
        {
          "name": "VDB-328085 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328085"
        },
        {
          "name": "Submit #673128 | Tenda RP3 Pro V22.5.7.93 CWE-287 Improper Authentication",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.673128"
        },
        {
          "tags": [
            "exploit",
            "patch"
          ],
          "url": "https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/RP3.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-12T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-12T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-12T15:19:26.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda RP3 Pro Firmware Update force_upgrade.sh hard-coded password"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11666",
    "datePublished": "2025-10-13T07:02:07.269Z",
    "dateReserved": "2025-10-12T13:14:23.093Z",
    "dateUpdated": "2025-10-14T15:03:06.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11649 (GCVE-0-2025-11649)

Vulnerability from cvelistv5 – Published: 2025-10-12 22:32 – Updated: 2025-10-20 04:36
VLAI
Title
Tomofun Furbo 360/Furbo Mini Root Account hard-coded password
Summary
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been made public and could be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-259 - Use of Hard-coded Password
  • CWE-255 - Credentials Management
Assigner
References
URL Tags
https://vuldb.com/?id.328060 vdb-entrytechnical-description
https://vuldb.com/?ctiid.328060 signaturepermissions-required
https://vuldb.com/?submit.662769 third-party-advisory
https://github.com/dead1nfluence/Furbo-Advisories… exploit
Impacted products
Credits
Calvin Star (Software Secured) Julian B (Software Secured) jTag Labs (VulDB User) jTag Labs (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11649",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T13:50:22.745957Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T13:50:28.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Hardcoded-Password.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Root Account Handler"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "Root Account Handler"
          ],
          "product": "Furbo Mini",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Calvin Star (Software Secured)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Julian B (Software Secured)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been made public and could be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Tomofun Furbo 360 and Furbo Mini gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente Root Account Handler. Die Ver\u00e4nderung resultiert in use of hard-coded password. Der Angriff erfordert einen lokalen Zugriff. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausf\u00fchrung eines Exploits gilt als schwer. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6,
            "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-255",
              "description": "Credentials Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-20T04:36:21.504Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328060 | Tomofun Furbo 360/Furbo Mini Root Account hard-coded password",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.328060"
        },
        {
          "name": "VDB-328060 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328060"
        },
        {
          "name": "Submit #662769 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Hardcoded Password",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.662769"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Hardcoded-Password.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-15T20:00:00.000Z",
          "value": "Vulnerability found"
        },
        {
          "lang": "en",
          "time": "2025-06-21T23:00:00.000Z",
          "value": "Vendor informed"
        },
        {
          "lang": "en",
          "time": "2025-07-03T04:30:00.000Z",
          "value": "Vendor acknowledged"
        },
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-20T06:38:26.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360/Furbo Mini Root Account hard-coded password"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11649",
    "datePublished": "2025-10-12T22:32:05.850Z",
    "dateReserved": "2025-10-11T18:33:12.813Z",
    "dateUpdated": "2025-10-20T04:36:21.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11643 (GCVE-0-2025-11643)

Vulnerability from cvelistv5 – Published: 2025-10-12 19:32 – Updated: 2025-10-18 07:12
VLAI
Title
Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials
Summary
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Hard-coded Credentials
  • CWE-259 - Use of Hard-coded Password
Assigner
References
URL Tags
https://vuldb.com/?id.328054 vdb-entrytechnical-description
https://vuldb.com/?ctiid.328054 signaturepermissions-required
https://vuldb.com/?submit.661875 third-party-advisory
Impacted products
Credits
Calvin Star (Software Secured) Julian B (Software Secured) jTag Labs (VulDB User) jTag Labs (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11643",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T14:05:47.974465Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T14:05:52.215Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://vuldb.com/?submit.661875"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "MQTT Client Certificate"
          ],
          "product": "Furbo 360",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        },
        {
          "modules": [
            "MQTT Client Certificate"
          ],
          "product": "Furbo Mini",
          "vendor": "Tomofun",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Calvin Star (Software Secured)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Julian B (Software Secured)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "jTag Labs (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "jTag Labs (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitation appears to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tomofun Furbo 360 and Furbo Mini wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /squashfs-root/furbo_img der Komponente MQTT Client Certificate. Mittels Manipulieren mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:X",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:X",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:ND",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-18T07:12:43.081Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-328054 | Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.328054"
        },
        {
          "name": "VDB-328054 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.328054"
        },
        {
          "name": "Submit #661875 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Hardcoded Credentials",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.661875"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-15T20:00:00.000Z",
          "value": "Vulnerability found"
        },
        {
          "lang": "en",
          "time": "2025-06-21T23:00:00.000Z",
          "value": "Vendor informed"
        },
        {
          "lang": "en",
          "time": "2025-07-03T04:30:00.000Z",
          "value": "Vendor acknowledged"
        },
        {
          "lang": "en",
          "time": "2025-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-18T09:17:39.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11643",
    "datePublished": "2025-10-12T19:32:05.829Z",
    "dateReserved": "2025-10-11T18:32:53.176Z",
    "dateUpdated": "2025-10-18T07:12:43.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11284 (GCVE-0-2025-11284)

Vulnerability from cvelistv5 – Published: 2025-10-05 05:32 – Updated: 2025-10-07 18:16
VLAI
Title
Zytec Dalian Zhuoyun Technology Central Authentication Service HTTP Header git hard-coded password
Summary
A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-259 - Use of Hard-coded Password
  • CWE-255 - Credentials Management
Assigner
References
URL Tags
https://vuldb.com/?id.327042 vdb-entrytechnical-description
https://vuldb.com/?ctiid.327042 signaturepermissions-required
https://vuldb.com/?submit.659701 third-party-advisory
http://101.200.76.102:38765/qwertyuiop/qwsdfvbnm/… exploit
Credits
BadKitty (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11284",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-07T18:16:56.356023Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-07T18:16:59.518Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "http://101.200.76.102:38765/qwertyuiop/qwsdfvbnm/1/vuldb/fbnoABGFBEGPcvgmowepgokwj293t0-23t202jk9t0.html"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "HTTP Header Handler"
          ],
          "product": "Central Authentication Service",
          "vendor": "Zytec Dalian Zhuoyun Technology",
          "versions": [
            {
              "status": "affected",
              "version": "3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "BadKitty (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Zytec Dalian Zhuoyun Technology Central Authentication Service 3 wurde eine Schwachstelle gefunden. Es betrifft eine unbekannte Funktion der Datei /index.php/auth/Ops/git der Komponente HTTP Header Handler. Mit der Manipulation des Arguments Authorization mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-255",
              "description": "Credentials Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-05T05:32:06.385Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-327042 | Zytec Dalian Zhuoyun Technology Central Authentication Service HTTP Header git hard-coded password",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.327042"
        },
        {
          "name": "VDB-327042 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.327042"
        },
        {
          "name": "Submit #659701 | https://www.zytec.cn Central Authentication Service 3 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.659701"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "http://101.200.76.102:38765/qwertyuiop/qwsdfvbnm/1/vuldb/fbnoABGFBEGPcvgmowepgokwj293t0-23t202jk9t0.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-04T11:39:33.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Zytec Dalian Zhuoyun Technology Central Authentication Service HTTP Header git hard-coded password"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11284",
    "datePublished": "2025-10-05T05:32:06.385Z",
    "dateReserved": "2025-10-04T09:34:19.617Z",
    "dateUpdated": "2025-10-07T18:16:59.518Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11126 (GCVE-0-2025-11126)

Vulnerability from cvelistv5 – Published: 2025-09-29 00:02 – Updated: 2025-09-29 12:00
VLAI
Title
Apeman ID71 system.ini hard-coded credentials
Summary
A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Hard-coded Credentials
  • CWE-259 - Use of Hard-coded Password
Assigner
References
URL Tags
https://vuldb.com/?id.326209 vdb-entry
https://vuldb.com/?ctiid.326209 signaturepermissions-required
https://vuldb.com/?submit.654168 third-party-advisory
Impacted products
Vendor Product Version
Apeman ID71 Affected: 218.53.203.117
Create a notification for this product.
Credits
juliourena (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11126",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-29T11:59:48.426627Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-29T12:00:34.530Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ID71",
          "vendor": "Apeman",
          "versions": [
            {
              "status": "affected",
              "version": "218.53.203.117"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "juliourena (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Apeman ID71 218.53.203.117 entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /system/www/system.ini. Durch das Beeinflussen mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 10,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T00:02:05.583Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-326209 | Apeman ID71 system.ini hard-coded credentials",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.326209"
        },
        {
          "name": "VDB-326209 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.326209"
        },
        {
          "name": "Submit #654168 | APEMAN IP CAMERA Model ID71 sysversion: 218.53.203.117 Hard-coded Credentials",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.654168"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-27T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-27T20:14:06.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Apeman ID71 system.ini hard-coded credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11126",
    "datePublished": "2025-09-29T00:02:05.583Z",
    "dateReserved": "2025-09-27T18:09:03.208Z",
    "dateUpdated": "2025-09-29T12:00:34.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9806 (GCVE-0-2025-9806)

Vulnerability from cvelistv5 – Published: 2025-09-02 00:32 – Updated: 2025-09-02 19:33
VLAI
Title
Tenda F1202 Administrative shadow hard-coded credentials
Summary
A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Hard-coded Credentials
  • CWE-259 - Use of Hard-coded Password
Assigner
Impacted products
Vendor Product Version
Tenda F1202 Affected: 1.2.0.9
Affected: 1.2.0.14
Affected: 1.2.0.20
Create a notification for this product.
Credits
Yu Bao (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9806",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T19:27:54.101282Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T19:33:32.924Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Administrative Interface"
          ],
          "product": "F1202",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0.9"
            },
            {
              "status": "affected",
              "version": "1.2.0.14"
            },
            {
              "status": "affected",
              "version": "1.2.0.20"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yu Bao (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized."
        },
        {
          "lang": "de",
          "value": "In Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20 wurde eine Schwachstelle gefunden. Dies betrifft einen unbekannten Teil der Datei /etc_ro/shadow der Komponente Administrative Interface. Durch Manipulation mit der Eingabe Fireitup mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 1.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 1.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 1.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 0.8,
            "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-02T00:32:07.898Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-322130 | Tenda F1202 Administrative shadow hard-coded credentials",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.322130"
        },
        {
          "name": "VDB-322130 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.322130"
        },
        {
          "name": "Submit #640980 | Tenda F1202  V1.2.0.14/V1.2.0.20/V1.2.0.9 Hard-coded Credentials",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.640980"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e9.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e9.md#steps-to-reproduce"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-01T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-01T17:17:06.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda F1202 Administrative shadow hard-coded credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9806",
    "datePublished": "2025-09-02T00:32:07.898Z",
    "dateReserved": "2025-09-01T15:09:53.760Z",
    "dateUpdated": "2025-09-02T19:33:32.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9778 (GCVE-0-2025-9778)

Vulnerability from cvelistv5 – Published: 2025-09-01 12:02 – Updated: 2025-09-02 15:09
VLAI
Title
Tenda W12 Administrative shadow hard-coded credentials
Summary
A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Hard-coded Credentials
  • CWE-259 - Use of Hard-coded Password
Assigner
Impacted products
Vendor Product Version
Tenda W12 Affected: 1.0.0.1(5411)
Affected: 1.0.0.5(9419)
Affected: 2.0.0.3(8326)
Affected: 2.0.0.6(10720)
Affected: 3.0.0.5(3644)
Affected: 3.0.0.6(3948)
Create a notification for this product.
Credits
Yu Bao (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9778",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T14:27:55.530662Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T15:09:50.176Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Administrative Interface"
          ],
          "product": "W12",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.1(5411)"
            },
            {
              "status": "affected",
              "version": "1.0.0.5(9419)"
            },
            {
              "status": "affected",
              "version": "2.0.0.3(8326)"
            },
            {
              "status": "affected",
              "version": "2.0.0.6(10720)"
            },
            {
              "status": "affected",
              "version": "3.0.0.5(3644)"
            },
            {
              "status": "affected",
              "version": "3.0.0.6(3948)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yu Bao (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Tenda W12 bis 3.0.0.6(3948) gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /etc_ro/shadow der Komponente Administrative Interface. Durch Beeinflussen mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 1.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 1.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 1.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 0.8,
            "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-01T12:02:08.108Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-322080 | Tenda W12 Administrative shadow hard-coded credentials",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.322080"
        },
        {
          "name": "VDB-322080 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.322080"
        },
        {
          "name": "Submit #640969 | Tenda AP W12 V1/V2/V3 Hard-coded Credentials",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.640969"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-01T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-01T07:09:55.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda W12 Administrative shadow hard-coded credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9778",
    "datePublished": "2025-09-01T12:02:08.108Z",
    "dateReserved": "2025-09-01T05:04:51.235Z",
    "dateUpdated": "2025-09-02T15:09:50.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9731 (GCVE-0-2025-9731)

Vulnerability from cvelistv5 – Published: 2025-08-31 13:32 – Updated: 2025-09-02 15:14
VLAI
Title
Tenda AC9 Administrative shadow hard-coded credentials
Summary
A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Hard-coded Credentials
  • CWE-259 - Use of Hard-coded Password
Assigner
References
Impacted products
Vendor Product Version
Tenda AC9 Affected: 15.03.05.19
Create a notification for this product.
Credits
Yu_Bao (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9731",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T14:40:47.599793Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T15:14:30.872Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e4.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Administrative Interface"
          ],
          "product": "AC9",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "15.03.05.19"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yu_Bao (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack\u0027s complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized."
        },
        {
          "lang": "de",
          "value": "In Tenda AC9 15.03.05.19 wurde eine Schwachstelle gefunden. Dies betrifft einen unbekannten Teil der Datei /etc_ro/shadow der Komponente Administrative Interface. Durch Manipulieren mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff ist nur lokal m\u00f6glich. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Die Ausnutzbarkeit gilt als schwierig. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1,
            "vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-31T13:32:07.821Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-322022 | Tenda AC9 Administrative shadow hard-coded credentials",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.322022"
        },
        {
          "name": "VDB-322022 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.322022"
        },
        {
          "name": "Submit #639748 | Tenda AC9 V15.03.05.19 Hard-coded Credentials",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.639748"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e4.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-30T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-30T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-30T16:03:04.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda AC9 Administrative shadow hard-coded credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9731",
    "datePublished": "2025-08-31T13:32:07.821Z",
    "dateReserved": "2025-08-30T13:58:00.879Z",
    "dateUpdated": "2025-09-02T15:14:30.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

For outbound authentication: store passwords outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible.

Mitigation
Architecture and Design

For inbound authentication: Rather than hard-code a default username and password for first time logins, utilize a "first login" mode that requires the user to enter a unique strong password.

Mitigation
Architecture and Design

Perform access control checks and limit which entities can access the feature that requires the hard-coded password. For example, a feature might only be enabled through the system console instead of through a network connection.

Mitigation
Architecture and Design
  • For inbound authentication: apply strong one-way hashes to your passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When receiving an incoming password during authentication, take the hash of the password and compare it to the hash that you have saved.
  • Use randomly assigned salts for each separate hash that you generate. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method.
Mitigation
Architecture and Design

For front-end to back-end connections: Three solutions are possible, although none are complete.

No CAPEC attack patterns related to this CWE.