CVE-2025-70802Use of Hard-coded Password in G1 Firmware

CWE-259Use of Hard-coded Password3 documents3 sources
Severity
8.4HIGHNVD
EPSS
0.0%
top 95.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda G1 Firmware
Timeline
PublishedMar 10

Description

Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages1 packages

NVDtenda/g1_firmware16.01.7.8

🔴Vulnerability Details

2
GHSA
GHSA-8x29-qfmf-3r57: Tenda G1V32026-03-10
CVEList
CVE-2025-70802: Tenda G1V32026-03-10
CVE-2025-70802 — Use of Hard-coded Password in Tenda | cvebase