CVE-2025-9806

CWE-259 CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

1.8LOW

EPSS

0.0%

top 97.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda F1202 Tenda F1202 Firmware

Timeline

PublishedSep 2

Latest updateOct 21

Description

A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5tenda/f12021.2.0.14, 1.2.0.20, 1.2.0.9+2

▶NVDtenda/f1202_firmware1.2.0.14, 1.2.0.20, 1.2.0.9+2

🔴Vulnerability Details

GHSA

GHSA-7x7v-wrpx-628j: A vulnerability was determined in Tenda F1202 1↗2025-10-21

▶

CVEList

Tenda F1202 Administrative shadow hard-coded credentials↗2025-09-02

▶