PT-2025-54267 · Tenda · Tenda Nova Mw5G+6
Vlun-1
·
Published
2025-12-31
·
Updated
2026-01-05
·
CVE-2025-15371
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tenda i24 versions prior to 65.10.15.7
Tenda 4G03 Pro versions prior to 65.10.15.7
Tenda 4G05 versions prior to 65.10.15.7
Tenda 4G08 versions prior to 65.10.15.7
Tenda G0-8G-PoE versions prior to 65.10.15.7
Tenda Nova MW5G versions prior to 65.10.15.7
Tenda TEG5328F versions prior to 65.10.15.7
Description
A flaw exists in Tenda devices related to the Shadow File component. Manipulation of the
Fireitup input can lead to the disclosure of hard-coded credentials. This requires local access to the device. The exploit details have been publicly released.Recommendations
Update Tenda i24 to a version later than 65.10.15.6.
Update Tenda 4G03 Pro to a version later than 65.10.15.6.
Update Tenda 4G05 to a version later than 65.10.15.6.
Update Tenda 4G08 to a version later than 65.10.15.6.
Update Tenda G0-8G-PoE to a version later than 65.10.15.6.
Update Tenda Nova MW5G to a version later than 65.10.15.6.
Update Tenda TEG5328F to a version later than 65.10.15.6.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tenda 4G03 Pro
Tenda 4G05
Tenda 4G08
Tenda G0-8G-Poe
Tenda Nova Mw5G
Tenda Teg5328F
Tenda I24