VAR-202508-2044
Vulnerability from variot - Updated: 2025-11-19 23:25A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC20 The firmware contains vulnerabilities related to the use of hard-coded passwords and vulnerabilities related to the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC20 is a home router released by Tenda.
The Tenda AC20 suffers from a hardcoded credential vulnerability caused by hardcoded credentials in the /etc_ro/shadow file. This vulnerability could be exploited to compromise confidentiality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202508-2044",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac20",
"scope": "eq",
"trust": 1.6,
"vendor": "tenda",
"version": "16.03.08.12"
},
{
"model": "ac20",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac20",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "ac20 firmware 16.03.08.12"
},
{
"model": "ac20",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24482"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-012082"
},
{
"db": "NVD",
"id": "CVE-2025-9091"
}
]
},
"cve": "CVE-2025-9091",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 1.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.5,
"id": "CVE-2025-9091",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "Single",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 1.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2025-012082",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 1.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.5,
"id": "CNVD-2025-24482",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.0,
"id": "CVE-2025-9091",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-9091",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-012082",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2025-9091",
"trust": 1.0,
"value": "Low"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-9091",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-012082",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-24482",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24482"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-012082"
},
{
"db": "NVD",
"id": "CVE-2025-9091"
},
{
"db": "NVD",
"id": "CVE-2025-9091"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC20 The firmware contains vulnerabilities related to the use of hard-coded passwords and vulnerabilities related to the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC20 is a home router released by Tenda. \n\nThe Tenda AC20 suffers from a hardcoded credential vulnerability caused by hardcoded credentials in the /etc_ro/shadow file. This vulnerability could be exploited to compromise confidentiality",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-9091"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-012082"
},
{
"db": "CNVD",
"id": "CNVD-2025-24482"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-9091",
"trust": 3.2
},
{
"db": "VULDB",
"id": "320359",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-012082",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-24482",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24482"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-012082"
},
{
"db": "NVD",
"id": "CVE-2025-9091"
}
]
},
"id": "VAR-202508-2044",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24482"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24482"
}
]
},
"last_update_date": "2025-11-19T23:25:00.661000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "CWE-259",
"trust": 1.0
},
{
"problemtype": "Using hardcoded passwords (CWE-259) [ others ]",
"trust": 0.8
},
{
"problemtype": " Use hard-coded credentials (CWE-798) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-012082"
},
{
"db": "NVD",
"id": "CVE-2025-9091"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/zz2266/.github.io/blob/main/ac20/hardcoded%20password/readme.md#description"
},
{
"trust": 1.8,
"url": "https://github.com/zz2266/.github.io/tree/main/ac20/hardcoded%20password/readme.md"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.320359"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.632268"
},
{
"trust": 1.8,
"url": "https://www.tenda.com.cn/"
},
{
"trust": 1.8,
"url": "https://github.com/zz2266/.github.io/blob/main/ac20/hardcoded%20password/readme.md"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.320359"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-9091"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24482"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-012082"
},
{
"db": "NVD",
"id": "CVE-2025-9091"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-24482"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-012082"
},
{
"db": "NVD",
"id": "CVE-2025-9091"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-24482"
},
{
"date": "2025-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-012082"
},
{
"date": "2025-08-17T03:15:27.650000",
"db": "NVD",
"id": "CVE-2025-9091"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-24482"
},
{
"date": "2025-08-22T06:01:00",
"db": "JVNDB",
"id": "JVNDB-2025-012082"
},
{
"date": "2025-08-21T16:10:43.800000",
"db": "NVD",
"id": "CVE-2025-9091"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC20\u00a0 Hardcoded password usage vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-012082"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…