CVE-2025-15371 - Vulnerability Details

- Tenda i24 Shadow File hard-coded credentials

Description

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Published: 2025-12-31

Score: 8.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Tenda

i24

affected

Version	Status	Constraints
`1.0.0.35`	affected	—
`3.0.0.8(4008)`	affected	—
`04.03.01.49`	affected	—
`04.05.01.15`	affected	—
`04.08.01.28`	affected	—
`16.01.8.5`	affected	—
`65.10.15.6`	affected	—

Tenda

4G03 Pro

affected

Version	Status	Constraints
`1.0.0.35`	affected	—
`3.0.0.8(4008)`	affected	—
`04.03.01.49`	affected	—
`04.05.01.15`	affected	—
`04.08.01.28`	affected	—
`16.01.8.5`	affected	—
`65.10.15.6`	affected	—

Tenda

4G05

affected

Version	Status	Constraints
`1.0.0.35`	affected	—
`3.0.0.8(4008)`	affected	—
`04.03.01.49`	affected	—
`04.05.01.15`	affected	—
`04.08.01.28`	affected	—
`16.01.8.5`	affected	—
`65.10.15.6`	affected	—

Tenda

4G08

affected

Version	Status	Constraints
`1.0.0.35`	affected	—
`3.0.0.8(4008)`	affected	—
`04.03.01.49`	affected	—
`04.05.01.15`	affected	—
`04.08.01.28`	affected	—
`16.01.8.5`	affected	—
`65.10.15.6`	affected	—

Tenda

G0-8G-PoE

affected

Version	Status	Constraints
`1.0.0.35`	affected	—
`3.0.0.8(4008)`	affected	—
`04.03.01.49`	affected	—
`04.05.01.15`	affected	—
`04.08.01.28`	affected	—
`16.01.8.5`	affected	—
`65.10.15.6`	affected	—

Tenda

Nova MW5G

affected

Version	Status	Constraints
`1.0.0.35`	affected	—
`3.0.0.8(4008)`	affected	—
`04.03.01.49`	affected	—
`04.05.01.15`	affected	—
`04.08.01.28`	affected	—
`16.01.8.5`	affected	—
`65.10.15.6`	affected	—

Tenda

TEG5328F

affected

Version	Status	Constraints
`1.0.0.35`	affected	—
`3.0.0.8(4008)`	affected	—
`04.03.01.49`	affected	—
`04.05.01.15`	affected	—
`04.08.01.28`	affected	—
`16.01.8.5`	affected	—
`65.10.15.6`	affected	—

No data.

Vendor	Product	Confidence	Versions
Tenda	4g03 Pro	—	—
Tenda	4g05	—	—
Tenda	4g08	—	—
Tenda	G0-8g-poe	—	—
Tenda	I24	—	—
Tenda	Nova Mw5g	—	—
Tenda	Teg5328f	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00019.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/vuln-1/vuln/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md
https://vuldb.com/?ctiid.339075
https://vuldb.com/?id.339075
https://vuldb.com/?submit.727155
https://vuldb.com/?submit.727283
https://vuldb.com/?submit.727284
https://vuldb.com/?submit.727285
https://vuldb.com/?submit.727302
https://vuldb.com/?submit.727305
https://vuldb.com/?submit.727306
https://www.tenda.com.cn/

History

Mon, 05 Jan 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda Tenda 4g03 Pro Tenda 4g05 Tenda 4g08 Tenda g0-8g-poe Tenda i24 Tenda nova Mw5g Tenda teg5328f
Vendors & Products		Tenda Tenda 4g03 Pro Tenda 4g05 Tenda 4g08 Tenda g0-8g-poe Tenda i24 Tenda nova Mw5g Tenda teg5328f

Fri, 02 Jan 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 31 Dec 2025 01:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Title		Tenda i24 Shadow File hard-coded credentials
Weaknesses		CWE-259 CWE-798
References		https://github.com/vuln-1/vuln/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md https://vuldb.com/?ctiid.339075 https://vuldb.com/?id.339075 https://vuldb.com/?submit.727155 https://vuldb.com/?submit.727283 https://vuldb.com/?submit.727284 https://vuldb.com/?submit.727285 https://vuldb.com/?submit.727302 https://vuldb.com/?submit.727305 https://vuldb.com/?submit.727306 https://www.tenda.com.cn/
Metrics		cvssV2_0 `{'score': 6.8, 'vector': 'AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Tenda 4g03 Pro 4g05 4g08 G0-8g-poe I24 Nova Mw5g Teg5328f

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-12-31T01:02:06.989Z

Updated: 2026-01-02T14:38:01.600Z

Reserved: 2025-12-30T17:35:13.980Z

Link: CVE-2025-15371

Vulnrichment

Updated: 2026-01-02T14:22:59.243Z

NVD

Status : Deferred

Published: 2025-12-31T01:15:54.797

Modified: 2026-04-29T01:00:01.613

Link: CVE-2025-15371

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-01-05T10:19:13Z

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object