CVE-2025-70798 — Use of Hard-coded Password in I24 Firmware

CWE-259 — Use of Hard-coded Password3 documents3 sources

Severity

8.4HIGHNVD

EPSS

0.0%

top 95.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda I24 Firmware

Timeline

PublishedMar 10

Description

Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages1 packages

▶NVDtenda/i24_firmware3.0.0.5

🔴Vulnerability Details

GHSA

GHSA-ff32-p598-c7q2: Tenda i24V3↗2026-03-10

▶

CVEList

CVE-2025-70798: Tenda i24V3↗2026-03-10

▶