CVE-2025-9731

LOW EPSS 3.0%

Published Aug 31, 202510mo ago · Modified Jun 17, 20261w ago

1.1 CVSS 4.0

Low

Published Aug 31, 2025 10mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized.

CVSS Details

Base Score

1.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity High

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

3.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-259

CWE-798 Use of Hard-coded Credentials Authentication

Affected Products 2

Vendor	Product	Version	Range
tenda	ac9_firmware	15.03.05.19	any
tenda	ac9	*	any

References 5

github.com https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e4.md

Third Party Advisory
vuldb.com https://vuldb.com/?ctiid.322022

Permissions Required
vuldb.com https://vuldb.com/?id.322022

Third Party AdvisoryVDB Entry
vuldb.com https://vuldb.com/?submit.639748

Third Party AdvisoryVDB Entry
tenda.com.cn https://www.tenda.com.cn/

Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.