{"api_version":"1","generated_at":"2026-05-28T21:06:33+00:00","cve":"CVE-2025-9731","urls":{"html":"https://cve.report/CVE-2025-9731","api":"https://cve.report/api/cve/CVE-2025-9731.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-9731","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-9731"},"summary":{"title":"Tenda AC9 Administrative shadow hard-coded credentials","description":"A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized.","state":"PUBLISHED","assigner":"VulDB","published_at":"2025-08-31 14:15:31","updated_at":"2026-04-29 01:00:01"},"problem_types":["CWE-259","CWE-798","CWE-798 Hard-coded Credentials","CWE-259 Use of Hard-coded Password"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"1.1","severity":"LOW","vector":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.1,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"2","severity":"LOW","vector":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","data":{"baseScore":2,"baseSeverity":"LOW","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"cna@vuldb.com","type":"Secondary","score":"2.5","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"2.5","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","data":{"baseScore":2.5,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"2.5","severity":"LOW","vector":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","data":{"baseScore":2.5,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"1","severity":"","vector":"AV:L/AC:H/Au:S/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:L/AC:H/Au:S/C:P/I:N/A:N","baseScore":1,"accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"1","severity":"","vector":"AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR","data":{"baseScore":1,"vectorString":"AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR","version":"2.0"}}],"references":[{"url":"https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e4.md","name":"https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e4.md","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.tenda.com.cn/","name":"https://www.tenda.com.cn/","refsource":"cna@vuldb.com","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?submit.639748","name":"https://vuldb.com/?submit.639748","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?ctiid.322022","name":"https://vuldb.com/?ctiid.322022","refsource":"cna@vuldb.com","tags":["Permissions Required"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?id.322022","name":"https://vuldb.com/?id.322022","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-9731","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9731","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Tenda","product":"AC9","version":"affected 15.03.05.19","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-08-30T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2025-08-30T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2025-08-30T16:03:04.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Yu_Bao (VulDB User)","lang":"en"}],"nvd_cpes":[{"cve_year":"2025","cve_id":"9731","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"tenda","cpe5":"ac9","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"9731","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"tenda","cpe5":"ac9_firmware","cpe6":"15.03.05.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-9731","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-09-02T14:40:47.599793Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-09-02T15:14:30.872Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["exploit"],"url":"https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e4.md"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"modules":["Administrative Interface"],"product":"AC9","vendor":"Tenda","versions":[{"status":"affected","version":"15.03.05.19"}]}],"credits":[{"lang":"en","type":"reporter","value":"Yu_Bao (VulDB User)"}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized."},{"lang":"de","value":"In Tenda AC9 15.03.05.19 wurde eine Schwachstelle gefunden. Dies betrifft einen unbekannten Teil der Datei /etc_ro/shadow der Komponente Administrative Interface. Durch Manipulieren mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff ist nur lokal möglich. Ein Angriff erfordert eine vergleichsweise hohe Komplexität. Die Ausnutzbarkeit gilt als schwierig. Die Schwachstelle wurde öffentlich offengelegt und könnte ausgenutzt werden."}],"metrics":[{"cvssV4_0":{"baseScore":2,"baseSeverity":"LOW","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":2.5,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","version":"3.1"}},{"cvssV3_0":{"baseScore":2.5,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","version":"3.0"}},{"cvssV2_0":{"baseScore":1,"vectorString":"AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-798","description":"Hard-coded Credentials","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-259","description":"Use of Hard-coded Password","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-08-31T13:32:07.821Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-322022 | Tenda AC9 Administrative shadow hard-coded credentials","tags":["vdb-entry"],"url":"https://vuldb.com/?id.322022"},{"name":"VDB-322022 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/?ctiid.322022"},{"name":"Submit #639748 | Tenda AC9 V15.03.05.19 Hard-coded Credentials","tags":["third-party-advisory"],"url":"https://vuldb.com/?submit.639748"},{"tags":["exploit"],"url":"https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e4.md"},{"tags":["product"],"url":"https://www.tenda.com.cn/"}],"timeline":[{"lang":"en","time":"2025-08-30T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2025-08-30T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2025-08-30T16:03:04.000Z","value":"VulDB entry last update"}],"title":"Tenda AC9 Administrative shadow hard-coded credentials"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2025-9731","datePublished":"2025-08-31T13:32:07.821Z","dateReserved":"2025-08-30T13:58:00.879Z","dateUpdated":"2025-09-02T15:14:30.872Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2025-08-31 14:15:31","lastModifiedDate":"2026-04-29 01:00:01","problem_types":["CWE-259","CWE-798","CWE-798 Hard-coded Credentials","CWE-259 Use of Hard-coded Password"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.1,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:H/Au:S/C:P/I:N/A:N","baseScore":1,"accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":1.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tenda:ac9_firmware:15.03.05.19:*:*:*:*:*:*:*","matchCriteriaId":"C5731D5E-C98A-4AE8-B3AC-4703335628C1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*","matchCriteriaId":"2FD1430E-DC2E-4042-9389-1FD90ECDBE4D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"9731","Ordinal":"1","Title":"Tenda AC9 Administrative shadow hard-coded credentials","CVE":"CVE-2025-9731","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"9731","Ordinal":"1","NoteData":"A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized.","Type":"Description","Title":"Tenda AC9 Administrative shadow hard-coded credentials"}]}}}