CVE-2025-9091

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Configurations

No configuration.

History

18 Aug 2025, 14:15

Type Values Removed Values Added
References
  • () https://github.com/ZZ2266/.github.io/blob/main/AC20/hardcoded%20password/readme.md -
References () https://github.com/ZZ2266/.github.io/blob/main/AC20/hardcoded%20password/readme.md#description - () https://github.com/ZZ2266/.github.io/blob/main/AC20/hardcoded%20password/readme.md#description -
Summary
  • (es) Se ha descubierto una falla de seguridad en Tenda AC20 16.03.08.12. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /etc_ro/shadow. La manipulación da lugar a credenciales codificadas. Es posible lanzar el ataque contra el host local. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado.

17 Aug 2025, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-17 03:15

Updated : 2025-08-18 20:16


NVD link : CVE-2025-9091

Mitre link : CVE-2025-9091

CVE.ORG link : CVE-2025-9091


JSON object : View

Products Affected

No product.

CWE
CWE-259

Use of Hard-coded Password

CWE-798

Use of Hard-coded Credentials