{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9778", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-09-01T05:04:51.235Z", "datePublished": "2025-09-01T12:02:08.108Z", "dateUpdated": "2025-09-02T15:09:50.176Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-09-01T12:02:08.108Z"}, "title": "Tenda W12 Administrative shadow hard-coded credentials", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-798", "lang": "en", "description": "Hard-coded Credentials"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-259", "lang": "en", "description": "Use of Hard-coded Password"}]}], "affected": [{"vendor": "Tenda", "product": "W12", "versions": [{"version": "1.0.0.1(5411)", "status": "affected"}, {"version": "1.0.0.5(9419)", "status": "affected"}, {"version": "2.0.0.3(8326)", "status": "affected"}, {"version": "2.0.0.6(10720)", "status": "affected"}, {"version": "3.0.0.5(3644)", "status": "affected"}, {"version": "3.0.0.6(3948)", "status": "affected"}], "modules": ["Administrative Interface"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Tenda W12 bis 3.0.0.6(3948) gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /etc_ro/shadow der Komponente Administrative Interface. Durch Beeinflussen mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 1.8, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 1.9, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 1.9, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 0.8, "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-09-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-09-01T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-09-01T07:09:55.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Yu Bao (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.322080", "name": "VDB-322080 | Tenda W12 Administrative shadow hard-coded credentials", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.322080", "name": "VDB-322080 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.640969", "name": "Submit #640969 | Tenda AP W12 V1/V2/V3 Hard-coded Credentials", "tags": ["third-party-advisory"]}, {"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md", "tags": ["related"]}, {"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"references": [{"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md", "tags": ["exploit"]}, {"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-02T14:27:55.530662Z", "id": "CVE-2025-9778", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T15:09:50.176Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9778", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-02T14:27:55.530662Z"}}}], "references": [{"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md", "tags": ["exploit"]}, {"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T14:28:09.980Z"}}], "cna": {"title": "Tenda W12 Administrative shadow hard-coded credentials", "credits": [{"lang": "en", "type": "reporter", "value": "Yu Bao (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 1.8, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 1.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 1.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 0.8, "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Tenda", "modules": ["Administrative Interface"], "product": "W12", "versions": [{"status": "affected", "version": "1.0.0.1(5411)"}, {"status": "affected", "version": "1.0.0.5(9419)"}, {"status": "affected", "version": "2.0.0.3(8326)"}, {"status": "affected", "version": "2.0.0.6(10720)"}, {"status": "affected", "version": "3.0.0.5(3644)"}, {"status": "affected", "version": "3.0.0.6(3948)"}]}], "timeline": [{"lang": "en", "time": "2025-09-01T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-09-01T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-09-01T07:09:55.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.322080", "name": "VDB-322080 | Tenda W12 Administrative shadow hard-coded credentials", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.322080", "name": "VDB-322080 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.640969", "name": "Submit #640969 | Tenda AP W12 V1/V2/V3 Hard-coded Credentials", "tags": ["third-party-advisory"]}, {"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md", "tags": ["related"]}, {"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Tenda W12 bis 3.0.0.6(3948) gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /etc_ro/shadow der Komponente Administrative Interface. Durch Beeinflussen mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "Hard-coded Credentials"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-259", "description": "Use of Hard-coded Password"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-09-01T12:02:08.108Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9778", "state": "PUBLISHED", "dateUpdated": "2025-09-02T15:09:50.176Z", "dateReserved": "2025-09-01T05:04:51.235Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-09-01T12:02:08.108Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:w12_firmware:3.0.0.6\\(3948\\):*:*:*:*:*:*:*", "matchCriteriaId": "5A053AC4-B48D-4733-B713-50F8CA2958A3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:w12:-:*:*:*:*:*:*:*", "matchCriteriaId": "92DF99FB-59B8-4B31-AE17-E898ED2CF217", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used."}], "id": "CVE-2025-9778", "lastModified": "2025-09-04T16:19:21.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 0.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 1.2, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.8, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-09-01T12:15:32.180", "references": [{"source": "cna@vuldb.com", "tags": ["Not Applicable"], "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md"}, {"source": "cna@vuldb.com", "tags": ["Not Applicable"], "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.322080"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.322080"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.640969"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Not Applicable"], "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Not Applicable"], "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e8.md#steps-to-reproduce"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-259"}, {"lang": "en", "value": "CWE-798"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"created": "2025-09-02T15:23:15.315017+00:00", "updated": "2025-09-02T15:23:15.315092+00:00", "vendors": ["tenda", "tenda$PRODUCT$w12"]}