Vulnerability Description
A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | Ac10 Firmware | 16.03.10.13 |
| Tenda | Ac10 | 4.0 |
Related Weaknesses (CWE)
References
- https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC10/V4.0si_V16.03.10.13.mdExploitThird Party Advisory
- https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC10/V4.0si_V16.03.10.13.mdExploitThird Party Advisory
- https://vuldb.com/?ctiid.320914Permissions RequiredVDB Entry
- https://vuldb.com/?id.320914Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.633585Third Party AdvisoryVDB Entry
- https://www.tenda.com.cn/Product
- https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC10/V4.0si_V16.03.10.13.mdExploitThird Party Advisory
- https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC10/V4.0si_V16.03.10.13.mdExploitThird Party Advisory
FAQ
What is CVE-2025-9309?
CVE-2025-9309 is a vulnerability with a CVSS score of 2.5 (LOW). A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credent...
How severe is CVE-2025-9309?
CVE-2025-9309 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9309?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda Ac10 Firmware, Tenda Ac10.