CVE-2025-15371 - Vulnerability Details

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00011.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Tenda Subscribe	4g03 Pro Subscribe 4g05 Subscribe 4g08 Subscribe G0-8g-poe Subscribe I24 Subscribe Nova Mw5g Subscribe Teg5328f Subscribe

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Tenda Subscribe	4g03 Pro Subscribe 4g05 Subscribe 4g08 Subscribe G0-8g-poe Subscribe I24 Subscribe Nova Mw5g Subscribe Teg5328f Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/vuln-1/vuln/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md
https://vuldb.com/?ctiid.339075
https://vuldb.com/?id.339075
https://vuldb.com/?submit.727155
https://vuldb.com/?submit.727283
https://vuldb.com/?submit.727284
https://vuldb.com/?submit.727285
https://vuldb.com/?submit.727302
https://vuldb.com/?submit.727305
https://vuldb.com/?submit.727306
https://www.tenda.com.cn/

History

Mon, 05 Jan 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda Tenda 4g03 Pro Tenda 4g05 Tenda 4g08 Tenda g0-8g-poe Tenda i24 Tenda nova Mw5g Tenda teg5328f
Vendors & Products		Tenda Tenda 4g03 Pro Tenda 4g05 Tenda 4g08 Tenda g0-8g-poe Tenda i24 Tenda nova Mw5g Tenda teg5328f

Fri, 02 Jan 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 31 Dec 2025 01:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Title		Tenda i24 Shadow File hard-coded credentials
Weaknesses		CWE-259 CWE-798
References		https://github.com/vuln-1/vuln/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md https://vuldb.com/?ctiid.339075 https://vuldb.com/?id.339075 https://vuldb.com/?submit.727155 https://vuldb.com/?submit.727283 https://vuldb.com/?submit.727284 https://vuldb.com/?submit.727285 https://vuldb.com/?submit.727302 https://vuldb.com/?submit.727305 https://vuldb.com/?submit.727306 https://www.tenda.com.cn/
Metrics		cvssV2_0 `{'score': 6.8, 'vector': 'AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-12-31T01:02:06.989Z

Updated: 2026-01-02T14:38:01.600Z

Reserved: 2025-12-30T17:35:13.980Z

Link: CVE-2025-15371

Vulnrichment

Updated: 2026-01-02T14:22:59.243Z

NVD

Status : Awaiting Analysis

Published: 2025-12-31T01:15:54.797

Modified: 2025-12-31T20:42:15.637

Link: CVE-2025-15371

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-01-05T10:19:13Z

Weaknesses

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object