Search
Find a vulnerability
Search criteria
6 vulnerabilities found for 4G03 Pro by Tenda
CVE-2026-5527 (GCVE-0-2026-5527)
Vulnerability from nvd – Published: 2026-04-04 23:15 – Updated: 2026-04-06 13:25
VLAI
Title
Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key
Summary
A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key
. It is possible to initiate the attack remotely.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355280 | vdb-entry |
| https://vuldb.com/vuln/355280/cti | signaturepermissions-required |
| https://vuldb.com/submit/782053 | third-party-advisory |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T13:25:37.832426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T13:25:49.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"ECDSA P-256 Private Key Handler"
],
"product": "4G03 Pro",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.0re"
},
{
"status": "affected",
"version": "01.bin"
},
{
"status": "affected",
"version": "04.03.01.53"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CoreNode (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB Vulnerability Moderation Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key\r . It is possible to initiate the attack remotely."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-320",
"description": "Key Management Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T23:15:12.490Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355280 | Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/355280"
},
{
"name": "VDB-355280 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355280/cti"
},
{
"name": "Submit #782053 | Tenda 4G03 Pro V1.0 V04.03.01.53 Cryptographic Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782053"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T08:25:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5527",
"datePublished": "2026-04-04T23:15:12.490Z",
"dateReserved": "2026-04-04T06:20:03.869Z",
"dateUpdated": "2026-04-06T13:25:49.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5526 (GCVE-0-2026-5526)
Vulnerability from nvd – Published: 2026-04-04 22:15 – Updated: 2026-04-06 14:51
VLAI
Title
Tenda 4G03 Pro httpd access control
Summary
A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355279 | vdb-entry |
| https://vuldb.com/vuln/355279/cti | signaturepermissions-required |
| https://vuldb.com/submit/782052 | third-party-advisory |
| https://www.tenda.com.cn/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tenda | 4G03 Pro |
Affected:
1.0
Affected: 1.1 Affected: 04.03.01.0 Affected: 04.03.01.1 Affected: 04.03.01.2 Affected: 04.03.01.3 Affected: 04.03.01.4 Affected: 04.03.01.5 Affected: 04.03.01.6 Affected: 04.03.01.7 Affected: 04.03.01.8 Affected: 04.03.01.9 Affected: 04.03.01.10 Affected: 04.03.01.11 Affected: 04.03.01.12 Affected: 04.03.01.13 Affected: 04.03.01.14 Affected: 04.03.01.15 Affected: 04.03.01.16 Affected: 04.03.01.17 Affected: 04.03.01.18 Affected: 04.03.01.19 Affected: 04.03.01.20 Affected: 04.03.01.21 Affected: 04.03.01.22 Affected: 04.03.01.23 Affected: 04.03.01.24 Affected: 04.03.01.25 Affected: 04.03.01.26 Affected: 04.03.01.27 Affected: 04.03.01.28 Affected: 04.03.01.29 Affected: 04.03.01.30 Affected: 04.03.01.31 Affected: 04.03.01.32 Affected: 04.03.01.33 Affected: 04.03.01.34 Affected: 04.03.01.35 Affected: 04.03.01.36 Affected: 04.03.01.37 Affected: 04.03.01.38 Affected: 04.03.01.39 Affected: 04.03.01.40 Affected: 04.03.01.41 Affected: 04.03.01.42 Affected: 04.03.01.43 Affected: 04.03.01.44 Affected: 04.03.01.45 Affected: 04.03.01.46 Affected: 04.03.01.47 Affected: 04.03.01.48 Affected: 04.03.01.49 Affected: 04.03.01.50 Affected: 04.03.01.51 Affected: 04.03.01.52 Affected: 04.03.01.53 Affected: 192.168.0.0 Affected: 192.168.0.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T14:28:18.964474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T14:51:31.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "4G03 Pro",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "04.03.01.0"
},
{
"status": "affected",
"version": "04.03.01.1"
},
{
"status": "affected",
"version": "04.03.01.2"
},
{
"status": "affected",
"version": "04.03.01.3"
},
{
"status": "affected",
"version": "04.03.01.4"
},
{
"status": "affected",
"version": "04.03.01.5"
},
{
"status": "affected",
"version": "04.03.01.6"
},
{
"status": "affected",
"version": "04.03.01.7"
},
{
"status": "affected",
"version": "04.03.01.8"
},
{
"status": "affected",
"version": "04.03.01.9"
},
{
"status": "affected",
"version": "04.03.01.10"
},
{
"status": "affected",
"version": "04.03.01.11"
},
{
"status": "affected",
"version": "04.03.01.12"
},
{
"status": "affected",
"version": "04.03.01.13"
},
{
"status": "affected",
"version": "04.03.01.14"
},
{
"status": "affected",
"version": "04.03.01.15"
},
{
"status": "affected",
"version": "04.03.01.16"
},
{
"status": "affected",
"version": "04.03.01.17"
},
{
"status": "affected",
"version": "04.03.01.18"
},
{
"status": "affected",
"version": "04.03.01.19"
},
{
"status": "affected",
"version": "04.03.01.20"
},
{
"status": "affected",
"version": "04.03.01.21"
},
{
"status": "affected",
"version": "04.03.01.22"
},
{
"status": "affected",
"version": "04.03.01.23"
},
{
"status": "affected",
"version": "04.03.01.24"
},
{
"status": "affected",
"version": "04.03.01.25"
},
{
"status": "affected",
"version": "04.03.01.26"
},
{
"status": "affected",
"version": "04.03.01.27"
},
{
"status": "affected",
"version": "04.03.01.28"
},
{
"status": "affected",
"version": "04.03.01.29"
},
{
"status": "affected",
"version": "04.03.01.30"
},
{
"status": "affected",
"version": "04.03.01.31"
},
{
"status": "affected",
"version": "04.03.01.32"
},
{
"status": "affected",
"version": "04.03.01.33"
},
{
"status": "affected",
"version": "04.03.01.34"
},
{
"status": "affected",
"version": "04.03.01.35"
},
{
"status": "affected",
"version": "04.03.01.36"
},
{
"status": "affected",
"version": "04.03.01.37"
},
{
"status": "affected",
"version": "04.03.01.38"
},
{
"status": "affected",
"version": "04.03.01.39"
},
{
"status": "affected",
"version": "04.03.01.40"
},
{
"status": "affected",
"version": "04.03.01.41"
},
{
"status": "affected",
"version": "04.03.01.42"
},
{
"status": "affected",
"version": "04.03.01.43"
},
{
"status": "affected",
"version": "04.03.01.44"
},
{
"status": "affected",
"version": "04.03.01.45"
},
{
"status": "affected",
"version": "04.03.01.46"
},
{
"status": "affected",
"version": "04.03.01.47"
},
{
"status": "affected",
"version": "04.03.01.48"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.03.01.50"
},
{
"status": "affected",
"version": "04.03.01.51"
},
{
"status": "affected",
"version": "04.03.01.52"
},
{
"status": "affected",
"version": "04.03.01.53"
},
{
"status": "affected",
"version": "192.168.0.0"
},
{
"status": "affected",
"version": "192.168.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CoreNode (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB Vulnerability Moderation Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T22:15:14.338Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355279 | Tenda 4G03 Pro httpd access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/355279"
},
{
"name": "VDB-355279 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355279/cti"
},
{
"name": "Submit #782052 | Tenda Tenda 4G03 Pro V1.0 V04.03.01.53 Authentication Bypass Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782052"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T08:25:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda 4G03 Pro httpd access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5526",
"datePublished": "2026-04-04T22:15:14.338Z",
"dateReserved": "2026-04-04T06:19:57.834Z",
"dateUpdated": "2026-04-06T14:51:31.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15371 (GCVE-0-2025-15371)
Vulnerability from nvd – Published: 2025-12-31 01:02 – Updated: 2026-01-02 14:38
VLAI
Title
Tenda i24 Shadow File hard-coded credentials
Summary
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.339075 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.339075 | signaturepermissions-required |
| https://vuldb.com/?submit.727155 | third-party-advisory |
| https://vuldb.com/?submit.727283 | third-party-advisory |
| https://vuldb.com/?submit.727284 | third-party-advisory |
| https://vuldb.com/?submit.727285 | third-party-advisory |
| https://vuldb.com/?submit.727302 | third-party-advisory |
| https://vuldb.com/?submit.727305 | third-party-advisory |
| https://vuldb.com/?submit.727306 | third-party-advisory |
| https://github.com/vuln-1/vuln/blob/main/Tenda/i2… | exploit |
| https://www.tenda.com.cn/ | product |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Tenda | i24 |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
|
| Tenda | 4G03 Pro |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
|
| Tenda | 4G05 |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
|
| Tenda | 4G08 |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
|
| Tenda | G0-8G-PoE |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
|
| Tenda | Nova MW5G |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
|
| Tenda | TEG5328F |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T14:22:55.128847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T14:38:01.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Shadow File"
],
"product": "i24",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "4G03 Pro",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "4G05",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "4G08",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "G0-8G-PoE",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "Nova MW5G",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "TEG5328F",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "vlun-1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T01:02:06.989Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-339075 | Tenda i24 Shadow File hard-coded credentials",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.339075"
},
{
"name": "VDB-339075 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.339075"
},
{
"name": "Submit #727155 | Tenda Tenda i24v3.0 V3.0.0.8(4008) V3.0.0.8(4008) Hard-coded Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727155"
},
{
"name": "Submit #727283 | Tenda 4G03ProV1.0re V04.03.01.49 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727283"
},
{
"name": "Submit #727284 | Tenda 4G05V1.0re V04.05.01.15 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727284"
},
{
"name": "Submit #727285 | Tenda 4G08V1.0re V04.08.01.28 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727285"
},
{
"name": "Submit #727302 | Tenda G0-8G-PoEV2.0si V16.01.8.5 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727302"
},
{
"name": "Submit #727305 | Tenda MW5GV1.0re V1.0.0.35 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727305"
},
{
"name": "Submit #727306 | Tenda TEG5328FV1.0ma V65.10.15.6 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727306"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/vuln-1/vuln/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-30T19:37:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda i24 Shadow File hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15371",
"datePublished": "2025-12-31T01:02:06.989Z",
"dateReserved": "2025-12-30T17:35:13.980Z",
"dateUpdated": "2026-01-02T14:38:01.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5527 (GCVE-0-2026-5527)
Vulnerability from cvelistv5 – Published: 2026-04-04 23:15 – Updated: 2026-04-06 13:25
VLAI
Title
Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key
Summary
A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key
. It is possible to initiate the attack remotely.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355280 | vdb-entry |
| https://vuldb.com/vuln/355280/cti | signaturepermissions-required |
| https://vuldb.com/submit/782053 | third-party-advisory |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T13:25:37.832426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T13:25:49.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"ECDSA P-256 Private Key Handler"
],
"product": "4G03 Pro",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.0re"
},
{
"status": "affected",
"version": "01.bin"
},
{
"status": "affected",
"version": "04.03.01.53"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CoreNode (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB Vulnerability Moderation Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key\r . It is possible to initiate the attack remotely."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-320",
"description": "Key Management Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T23:15:12.490Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355280 | Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/355280"
},
{
"name": "VDB-355280 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355280/cti"
},
{
"name": "Submit #782053 | Tenda 4G03 Pro V1.0 V04.03.01.53 Cryptographic Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782053"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T08:25:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5527",
"datePublished": "2026-04-04T23:15:12.490Z",
"dateReserved": "2026-04-04T06:20:03.869Z",
"dateUpdated": "2026-04-06T13:25:49.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5526 (GCVE-0-2026-5526)
Vulnerability from cvelistv5 – Published: 2026-04-04 22:15 – Updated: 2026-04-06 14:51
VLAI
Title
Tenda 4G03 Pro httpd access control
Summary
A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355279 | vdb-entry |
| https://vuldb.com/vuln/355279/cti | signaturepermissions-required |
| https://vuldb.com/submit/782052 | third-party-advisory |
| https://www.tenda.com.cn/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tenda | 4G03 Pro |
Affected:
1.0
Affected: 1.1 Affected: 04.03.01.0 Affected: 04.03.01.1 Affected: 04.03.01.2 Affected: 04.03.01.3 Affected: 04.03.01.4 Affected: 04.03.01.5 Affected: 04.03.01.6 Affected: 04.03.01.7 Affected: 04.03.01.8 Affected: 04.03.01.9 Affected: 04.03.01.10 Affected: 04.03.01.11 Affected: 04.03.01.12 Affected: 04.03.01.13 Affected: 04.03.01.14 Affected: 04.03.01.15 Affected: 04.03.01.16 Affected: 04.03.01.17 Affected: 04.03.01.18 Affected: 04.03.01.19 Affected: 04.03.01.20 Affected: 04.03.01.21 Affected: 04.03.01.22 Affected: 04.03.01.23 Affected: 04.03.01.24 Affected: 04.03.01.25 Affected: 04.03.01.26 Affected: 04.03.01.27 Affected: 04.03.01.28 Affected: 04.03.01.29 Affected: 04.03.01.30 Affected: 04.03.01.31 Affected: 04.03.01.32 Affected: 04.03.01.33 Affected: 04.03.01.34 Affected: 04.03.01.35 Affected: 04.03.01.36 Affected: 04.03.01.37 Affected: 04.03.01.38 Affected: 04.03.01.39 Affected: 04.03.01.40 Affected: 04.03.01.41 Affected: 04.03.01.42 Affected: 04.03.01.43 Affected: 04.03.01.44 Affected: 04.03.01.45 Affected: 04.03.01.46 Affected: 04.03.01.47 Affected: 04.03.01.48 Affected: 04.03.01.49 Affected: 04.03.01.50 Affected: 04.03.01.51 Affected: 04.03.01.52 Affected: 04.03.01.53 Affected: 192.168.0.0 Affected: 192.168.0.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T14:28:18.964474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T14:51:31.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "4G03 Pro",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "04.03.01.0"
},
{
"status": "affected",
"version": "04.03.01.1"
},
{
"status": "affected",
"version": "04.03.01.2"
},
{
"status": "affected",
"version": "04.03.01.3"
},
{
"status": "affected",
"version": "04.03.01.4"
},
{
"status": "affected",
"version": "04.03.01.5"
},
{
"status": "affected",
"version": "04.03.01.6"
},
{
"status": "affected",
"version": "04.03.01.7"
},
{
"status": "affected",
"version": "04.03.01.8"
},
{
"status": "affected",
"version": "04.03.01.9"
},
{
"status": "affected",
"version": "04.03.01.10"
},
{
"status": "affected",
"version": "04.03.01.11"
},
{
"status": "affected",
"version": "04.03.01.12"
},
{
"status": "affected",
"version": "04.03.01.13"
},
{
"status": "affected",
"version": "04.03.01.14"
},
{
"status": "affected",
"version": "04.03.01.15"
},
{
"status": "affected",
"version": "04.03.01.16"
},
{
"status": "affected",
"version": "04.03.01.17"
},
{
"status": "affected",
"version": "04.03.01.18"
},
{
"status": "affected",
"version": "04.03.01.19"
},
{
"status": "affected",
"version": "04.03.01.20"
},
{
"status": "affected",
"version": "04.03.01.21"
},
{
"status": "affected",
"version": "04.03.01.22"
},
{
"status": "affected",
"version": "04.03.01.23"
},
{
"status": "affected",
"version": "04.03.01.24"
},
{
"status": "affected",
"version": "04.03.01.25"
},
{
"status": "affected",
"version": "04.03.01.26"
},
{
"status": "affected",
"version": "04.03.01.27"
},
{
"status": "affected",
"version": "04.03.01.28"
},
{
"status": "affected",
"version": "04.03.01.29"
},
{
"status": "affected",
"version": "04.03.01.30"
},
{
"status": "affected",
"version": "04.03.01.31"
},
{
"status": "affected",
"version": "04.03.01.32"
},
{
"status": "affected",
"version": "04.03.01.33"
},
{
"status": "affected",
"version": "04.03.01.34"
},
{
"status": "affected",
"version": "04.03.01.35"
},
{
"status": "affected",
"version": "04.03.01.36"
},
{
"status": "affected",
"version": "04.03.01.37"
},
{
"status": "affected",
"version": "04.03.01.38"
},
{
"status": "affected",
"version": "04.03.01.39"
},
{
"status": "affected",
"version": "04.03.01.40"
},
{
"status": "affected",
"version": "04.03.01.41"
},
{
"status": "affected",
"version": "04.03.01.42"
},
{
"status": "affected",
"version": "04.03.01.43"
},
{
"status": "affected",
"version": "04.03.01.44"
},
{
"status": "affected",
"version": "04.03.01.45"
},
{
"status": "affected",
"version": "04.03.01.46"
},
{
"status": "affected",
"version": "04.03.01.47"
},
{
"status": "affected",
"version": "04.03.01.48"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.03.01.50"
},
{
"status": "affected",
"version": "04.03.01.51"
},
{
"status": "affected",
"version": "04.03.01.52"
},
{
"status": "affected",
"version": "04.03.01.53"
},
{
"status": "affected",
"version": "192.168.0.0"
},
{
"status": "affected",
"version": "192.168.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CoreNode (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB Vulnerability Moderation Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T22:15:14.338Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355279 | Tenda 4G03 Pro httpd access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/355279"
},
{
"name": "VDB-355279 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355279/cti"
},
{
"name": "Submit #782052 | Tenda Tenda 4G03 Pro V1.0 V04.03.01.53 Authentication Bypass Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782052"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T08:25:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda 4G03 Pro httpd access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5526",
"datePublished": "2026-04-04T22:15:14.338Z",
"dateReserved": "2026-04-04T06:19:57.834Z",
"dateUpdated": "2026-04-06T14:51:31.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15371 (GCVE-0-2025-15371)
Vulnerability from cvelistv5 – Published: 2025-12-31 01:02 – Updated: 2026-01-02 14:38
VLAI
Title
Tenda i24 Shadow File hard-coded credentials
Summary
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.339075 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.339075 | signaturepermissions-required |
| https://vuldb.com/?submit.727155 | third-party-advisory |
| https://vuldb.com/?submit.727283 | third-party-advisory |
| https://vuldb.com/?submit.727284 | third-party-advisory |
| https://vuldb.com/?submit.727285 | third-party-advisory |
| https://vuldb.com/?submit.727302 | third-party-advisory |
| https://vuldb.com/?submit.727305 | third-party-advisory |
| https://vuldb.com/?submit.727306 | third-party-advisory |
| https://github.com/vuln-1/vuln/blob/main/Tenda/i2… | exploit |
| https://www.tenda.com.cn/ | product |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Tenda | i24 |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
|
| Tenda | 4G03 Pro |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
|
| Tenda | 4G05 |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
|
| Tenda | 4G08 |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
|
| Tenda | G0-8G-PoE |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
|
| Tenda | Nova MW5G |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
|
| Tenda | TEG5328F |
Affected:
1.0.0.35
Affected: 3.0.0.8(4008) Affected: 04.03.01.49 Affected: 04.05.01.15 Affected: 04.08.01.28 Affected: 16.01.8.5 Affected: 65.10.15.6 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T14:22:55.128847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T14:38:01.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Shadow File"
],
"product": "i24",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "4G03 Pro",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "4G05",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "4G08",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "G0-8G-PoE",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "Nova MW5G",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
},
{
"modules": [
"Shadow File"
],
"product": "TEG5328F",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.35"
},
{
"status": "affected",
"version": "3.0.0.8(4008)"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.05.01.15"
},
{
"status": "affected",
"version": "04.08.01.28"
},
{
"status": "affected",
"version": "16.01.8.5"
},
{
"status": "affected",
"version": "65.10.15.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "vlun-1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T01:02:06.989Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-339075 | Tenda i24 Shadow File hard-coded credentials",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.339075"
},
{
"name": "VDB-339075 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.339075"
},
{
"name": "Submit #727155 | Tenda Tenda i24v3.0 V3.0.0.8(4008) V3.0.0.8(4008) Hard-coded Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727155"
},
{
"name": "Submit #727283 | Tenda 4G03ProV1.0re V04.03.01.49 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727283"
},
{
"name": "Submit #727284 | Tenda 4G05V1.0re V04.05.01.15 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727284"
},
{
"name": "Submit #727285 | Tenda 4G08V1.0re V04.08.01.28 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727285"
},
{
"name": "Submit #727302 | Tenda G0-8G-PoEV2.0si V16.01.8.5 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727302"
},
{
"name": "Submit #727305 | Tenda MW5GV1.0re V1.0.0.35 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727305"
},
{
"name": "Submit #727306 | Tenda TEG5328FV1.0ma V65.10.15.6 Hard-coded Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.727306"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/vuln-1/vuln/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-30T19:37:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda i24 Shadow File hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15371",
"datePublished": "2025-12-31T01:02:06.989Z",
"dateReserved": "2025-12-30T17:35:13.980Z",
"dateUpdated": "2026-01-02T14:38:01.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}