A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized.
History

Mon, 01 Sep 2025 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda ac9
Vendors & Products Tenda
Tenda ac9

Sun, 31 Aug 2025 13:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized.
Title Tenda AC9 Administrative shadow hard-coded credentials
Weaknesses CWE-259
CWE-798
References
Metrics cvssV2_0

{'score': 1, 'vector': 'AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 2.5, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 2.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 2, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-31T13:32:07.821Z

Reserved: 2025-08-30T13:58:00.879Z

Link: CVE-2025-9731

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-08-31T14:15:31.413

Modified: 2025-08-31T14:15:31.413

Link: CVE-2025-9731

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-01T09:02:03Z