CVE-2025-9806

low-risk

Published 2025-09-02

A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 1.9/10 Low

LOCAL / HIGH complexity

Affected Products (3)

F1202 Firmware

Affected Vendors

Tenda

References (6)

Broken Link https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e9.md

Broken Link https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e9.md#steps-to-reproduc...

Permissions Required https://vuldb.com/?ctiid.322130

Third Party Advisory https://vuldb.com/?id.322130

Third Party Advisory https://vuldb.com/?submit.640980

Product https://www.tenda.com.cn/

/ 100

low-risk

Severity 5/34 · Minimal

Exploitability 0/34 · Minimal

Exposure 9/34 · Low