{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-15371","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-12-30T17:35:13.980Z","datePublished":"2025-12-31T01:02:06.989Z","dateUpdated":"2026-01-02T14:38:01.600Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-12-31T01:02:06.989Z"},"title":"Tenda i24 Shadow File hard-coded credentials","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-798","lang":"en","description":"Hard-coded Credentials"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-259","lang":"en","description":"Use of Hard-coded Password"}]}],"affected":[{"vendor":"Tenda","product":"i24","versions":[{"version":"1.0.0.35","status":"affected"},{"version":"3.0.0.8(4008)","status":"affected"},{"version":"04.03.01.49","status":"affected"},{"version":"04.05.01.15","status":"affected"},{"version":"04.08.01.28","status":"affected"},{"version":"16.01.8.5","status":"affected"},{"version":"65.10.15.6","status":"affected"}],"modules":["Shadow File"]},{"vendor":"Tenda","product":"4G03 Pro","versions":[{"version":"1.0.0.35","status":"affected"},{"version":"3.0.0.8(4008)","status":"affected"},{"version":"04.03.01.49","status":"affected"},{"version":"04.05.01.15","status":"affected"},{"version":"04.08.01.28","status":"affected"},{"version":"16.01.8.5","status":"affected"},{"version":"65.10.15.6","status":"affected"}],"modules":["Shadow File"]},{"vendor":"Tenda","product":"4G05","versions":[{"version":"1.0.0.35","status":"affected"},{"version":"3.0.0.8(4008)","status":"affected"},{"version":"04.03.01.49","status":"affected"},{"version":"04.05.01.15","status":"affected"},{"version":"04.08.01.28","status":"affected"},{"version":"16.01.8.5","status":"affected"},{"version":"65.10.15.6","status":"affected"}],"modules":["Shadow File"]},{"vendor":"Tenda","product":"4G08","versions":[{"version":"1.0.0.35","status":"affected"},{"version":"3.0.0.8(4008)","status":"affected"},{"version":"04.03.01.49","status":"affected"},{"version":"04.05.01.15","status":"affected"},{"version":"04.08.01.28","status":"affected"},{"version":"16.01.8.5","status":"affected"},{"version":"65.10.15.6","status":"affected"}],"modules":["Shadow File"]},{"vendor":"Tenda","product":"G0-8G-PoE","versions":[{"version":"1.0.0.35","status":"affected"},{"version":"3.0.0.8(4008)","status":"affected"},{"version":"04.03.01.49","status":"affected"},{"version":"04.05.01.15","status":"affected"},{"version":"04.08.01.28","status":"affected"},{"version":"16.01.8.5","status":"affected"},{"version":"65.10.15.6","status":"affected"}],"modules":["Shadow File"]},{"vendor":"Tenda","product":"Nova MW5G","versions":[{"version":"1.0.0.35","status":"affected"},{"version":"3.0.0.8(4008)","status":"affected"},{"version":"04.03.01.49","status":"affected"},{"version":"04.05.01.15","status":"affected"},{"version":"04.08.01.28","status":"affected"},{"version":"16.01.8.5","status":"affected"},{"version":"65.10.15.6","status":"affected"}],"modules":["Shadow File"]},{"vendor":"Tenda","product":"TEG5328F","versions":[{"version":"1.0.0.35","status":"affected"},{"version":"3.0.0.8(4008)","status":"affected"},{"version":"04.03.01.49","status":"affected"},{"version":"04.05.01.15","status":"affected"},{"version":"04.08.01.28","status":"affected"},{"version":"16.01.8.5","status":"affected"},{"version":"65.10.15.6","status":"affected"}],"modules":["Shadow File"]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":8.5,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","baseSeverity":"HIGH"}},{"cvssV3_1":{"version":"3.1","baseScore":7.8,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.8,"vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":6.8,"vectorString":"AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-12-30T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-12-30T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-12-30T19:37:46.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"vlun-1 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.339075","name":"VDB-339075 | Tenda i24 Shadow File hard-coded credentials","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.339075","name":"VDB-339075 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.727155","name":"Submit #727155 | Tenda Tenda i24v3.0 V3.0.0.8(4008) V3.0.0.8(4008) Hard-coded Credentials","tags":["third-party-advisory"]},{"url":"https://vuldb.com/?submit.727283","name":"Submit #727283 | Tenda  4G03ProV1.0re V04.03.01.49 Hard-coded Credentials (Duplicate)","tags":["third-party-advisory"]},{"url":"https://vuldb.com/?submit.727284","name":"Submit #727284 | Tenda 4G05V1.0re V04.05.01.15 Hard-coded Credentials (Duplicate)","tags":["third-party-advisory"]},{"url":"https://vuldb.com/?submit.727285","name":"Submit #727285 | Tenda 4G08V1.0re V04.08.01.28 Hard-coded Credentials (Duplicate)","tags":["third-party-advisory"]},{"url":"https://vuldb.com/?submit.727302","name":"Submit #727302 | Tenda G0-8G-PoEV2.0si V16.01.8.5 Hard-coded Credentials (Duplicate)","tags":["third-party-advisory"]},{"url":"https://vuldb.com/?submit.727305","name":"Submit #727305 | Tenda MW5GV1.0re V1.0.0.35 Hard-coded Credentials (Duplicate)","tags":["third-party-advisory"]},{"url":"https://vuldb.com/?submit.727306","name":"Submit #727306 | Tenda TEG5328FV1.0ma V65.10.15.6 Hard-coded Credentials (Duplicate)","tags":["third-party-advisory"]},{"url":"https://github.com/vuln-1/vuln/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md","tags":["exploit"]},{"url":"https://www.tenda.com.cn/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-02T14:22:55.128847Z","id":"CVE-2025-15371","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-02T14:38:01.600Z"}}]}}