PT-2025-35520 · Tenda · Tenda Fh1202
Yu Bao
·
Published
2025-08-25
·
Updated
2025-09-02
·
CVE-2025-9806
CVSS v3.1
6.4
Medium
| Vector | AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tenda F1202 versions 1.2.0.9 through 1.2.0.20
Description
A vulnerability exists in the Tenda F1202 device, specifically impacting an unknown function within the
/etc ro/shadow file of the Administrative Interface component. Manipulation of the input Fireitup causes the disclosure of hard-coded credentials. This issue can only be exploited locally and requires a high degree of complexity. The exploit has been publicly disclosed.Recommendations
Update Tenda F1202 to a version beyond 1.2.0.20.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tenda Fh1202