{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-9309","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-08-21T06:06:44.302Z","datePublished":"2025-08-21T16:32:08.672Z","dateUpdated":"2025-08-21T17:31:37.142Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-08-21T16:32:08.672Z"},"title":"Tenda AC10 MD5 Hash shadow hard-coded credentials","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-798","lang":"en","description":"Hard-coded Credentials"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-259","lang":"en","description":"Use of Hard-coded Password"}]}],"affected":[{"vendor":"Tenda","product":"AC10","versions":[{"version":"16.03.10.13","status":"affected"}],"modules":["MD5 Hash Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used."},{"lang":"de","value":"In Tenda AC10 16.03.10.13 wurde eine Schwachstelle gefunden. Es geht um eine nicht näher bekannte Funktion der Datei /etc_ro/shadow der Komponente MD5 Hash Handler. Mittels Manipulieren mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Die Ausführung eines Exploits gilt als schwer. Die Ausnutzung wurde veröffentlicht und kann verwendet werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":2,"vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"LOW"}},{"cvssV3_1":{"version":"3.1","baseScore":2.5,"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":2.5,"vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":1,"vectorString":"AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-08-21T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-08-21T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-08-21T08:11:48.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"lxyilu (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.320914","name":"VDB-320914 | Tenda AC10 MD5 Hash shadow hard-coded credentials","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.320914","name":"VDB-320914 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.633585","name":"Submit #633585 | Tenda Tenda Wi-Fi 5 Router AC10 AC10V4.0si_V16.03.10.13 Hard-coded Credentials","tags":["third-party-advisory"]},{"url":"https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC10/V4.0si_V16.03.10.13.md","tags":["related"]},{"url":"https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC10/V4.0si_V16.03.10.13.md#steps-to-reproduce","tags":["exploit"]},{"url":"https://www.tenda.com.cn/","tags":["product"]}]},"adp":[{"references":[{"url":"https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC10/V4.0si_V16.03.10.13.md#steps-to-reproduce","tags":["exploit"]},{"url":"https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC10/V4.0si_V16.03.10.13.md","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-21T17:22:51.502547Z","id":"CVE-2025-9309","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-21T17:31:37.142Z"}}]}}