CVE-2025-9309 LOW

CVE-2025-9309: Tenda AC10 MD5 Hash shadow hard-coded credentials

Vendor Tenda
Product AC10
Weakness CWE-798 · Hardcoded credentials
Published August 21, 2025
Last update August 21, 2025

CVSS base score

2.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used.

Key dates

02Disclosure timeline

August 21, 2025 CVE published
August 21, 2025 Record updated