CVE-2025-9778

Summary

A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.

Affected Software

VendorProductVersion RangeStatus
TendaW121.0.0.1(5411)affected
TendaW121.0.0.5(9419)affected
TendaW122.0.0.3(8326)affected
TendaW122.0.0.6(10720)affected
TendaW123.0.0.5(3644)affected
TendaW123.0.0.6(3948)affected

Weaknesses

  • CWE-798: Hard-coded Credentials
  • CWE-259: Use of Hard-coded Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References