A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.
History

Tue, 02 Sep 2025 00:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.
Title Tenda F1202 Administrative shadow hard-coded credentials
Weaknesses CWE-259
CWE-798
References
Metrics cvssV2_0

{'score': 0.8, 'vector': 'AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 1.9, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 1.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 1.8, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-09-02T00:32:07.898Z

Reserved: 2025-09-01T15:09:53.760Z

Link: CVE-2025-9806

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-09-02T01:15:30.957

Modified: 2025-09-02T01:15:30.957

Link: CVE-2025-9806

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.