CVE-2025-15371
Published: Dec 31, 2025
Modified: Jan 2, 2026
CVSS v3.1
7.8
Description
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
| Vendor | Product | Versions |
|---|---|---|
Tenda | i24 | affected 1.0.0.35affected 3.0.0.8(4008)affected 04.03.01.49affected 04.05.01.15affected 04.08.01.28+2 more versions |
Tenda | 4G03 Pro | affected 1.0.0.35affected 3.0.0.8(4008)affected 04.03.01.49affected 04.05.01.15affected 04.08.01.28+2 more versions |
Tenda | 4G05 | affected 1.0.0.35affected 3.0.0.8(4008)affected 04.03.01.49affected 04.05.01.15affected 04.08.01.28+2 more versions |
Tenda | 4G08 | affected 1.0.0.35affected 3.0.0.8(4008)affected 04.03.01.49affected 04.05.01.15affected 04.08.01.28+2 more versions |
Tenda | G0-8G-PoE | affected 1.0.0.35affected 3.0.0.8(4008)affected 04.03.01.49affected 04.05.01.15affected 04.08.01.28+2 more versions |
Tenda | Nova MW5G | affected 1.0.0.35affected 3.0.0.8(4008)affected 04.03.01.49affected 04.05.01.15affected 04.08.01.28+2 more versions |
Tenda | TEG5328F | affected 1.0.0.35affected 3.0.0.8(4008)affected 04.03.01.49affected 04.05.01.15affected 04.08.01.28+2 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now