CVE-2025-9731Use of Hard-coded Password in AC9

CWE-259Use of Hard-coded PasswordCWE-798Hard-coded Credentials3 documents3 sources
Severity
2.0LOWNVD
EPSS
0.0%
top 96.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda AC9Tenda AC9 Firmware
Timeline
PublishedAug 31

Description

A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ac915.03.05.19
NVDtenda/ac9_firmware15.03.05.19

🔴Vulnerability Details

2
CVEList
Tenda AC9 Administrative shadow hard-coded credentials2025-08-31
GHSA
GHSA-mjfw-v74j-p2xx: A vulnerability was determined in Tenda AC9 152025-08-31
CVE-2025-9731 — Use of Hard-coded Password in Tenda AC9 | cvebase