Which versions of Tenda Network Devices are affected by CVE-2025-15371?

Tenda network devices (i24, 4G03 Pro, 4G08, and five other models) contain hard-coded administrative credentials in firmware that allow any local user to escalate to high-privilege access,…

How to fix or mitigate CVE-2025-15371?

Within 24 hours: Inventory all Tenda devices in use and document current firmware versions (up to 65.10.15.6 confirmed vulnerable). Within 7 days: Contact Tenda support to determine if firmware patches exist outside standard channels and request ETA for CVE-2025-15371 fix; restrict physical and local access to affected devices to authorized personnel only. Within 30 days: Replace or retire affected Tenda models if no patched firmware becomes available, or deploy patched firmware immediately upon vendor release; implement network segmentation to isolate SOHO/branch equipment from critical systems.

Tenda Network Devices CVE-2025-15371

Q: What is the CVSS score of CVE-2025-15371?

CVE-2025-15371 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

HIGH

Use of Hard-coded Password (CWE-259)

2025-12-31 cna@vuldb.com

Authentication Bypass Tenda

7.1

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 29, 2026 - 01:17 vuln.today

DescriptionNVD

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

AnalysisAI

Hard-coded credentials in the shadow file component of multiple Tenda network devices (i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G, TEG5328F) allow local authenticated attackers to gain high-privilege access. Public exploit code is available on GitHub, enabling authentication bypass on devices running firmware versions up to 65.10.15.6. The CWE-259 classification indicates credentials embedded in firmware that cannot be changed through normal configuration. With EPSS data unavailable and no CISA KEV listing, this appears to affect primarily SOHO and small business deployments where local access may be obtained through social engineering or physical access.

Technical ContextAI

This vulnerability stems from CWE-259 (Use of Hard-coded Credentials) affecting the shadow file component across seven Tenda product lines. The shadow file typically stores hashed passwords in Unix-based systems, but hard-coded credentials bypass this protection by embedding unchangeable authentication secrets in firmware. The affected products span Tenda's consumer router (i24), 4G LTE gateway (4G03 Pro, 4G05, 4G08), PoE switch (G0-8G-PoE), mesh WiFi (Nova MW5G), and managed switch (TEG5328F) product categories, suggesting shared firmware components or development practices. The CVSS 4.0 vector shows local attack vector with low complexity and low privilege requirements, indicating that any user with basic local access can exploit the hard-coded credentials to escalate to high confidentiality, integrity, and availability impact on the vulnerable device itself, with no impact beyond the security scope.

Affected ProductsAI

Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G, and TEG5328F network devices running firmware versions up to and including 65.10.15.6 are confirmed vulnerable. The vulnerability report on GitHub specifically documents the i24 v3.0 running firmware V3.0.0.8, suggesting version numbering may vary by product line but all versions up to the 65.10.15.6 baseline are affected. No CPE strings were provided in the vulnerability data. Official vendor information is available at https://www.tenda.com.cn/ though no specific security advisory was referenced in the NVD data.

RemediationAI

Contact Tenda support at https://www.tenda.com.cn/ to determine if firmware updates beyond version 65.10.15.6 are available that remove hard-coded credentials from affected device models. No vendor-released patch version was confirmed in available data at time of analysis. Until patches are available, implement compensating controls: restrict physical access to devices through locked equipment rooms or cabinets; disable local shell access if supported by device configuration; segment affected devices onto isolated management VLANs with strict access control lists permitting only trusted administrator IP addresses; monitor authentication logs for unexpected local login attempts; consider replacing affected devices in high-risk deployments with alternative vendors if Tenda does not release timely patches, as hard-coded credentials represent a fundamental firmware design flaw that may indicate broader security posture issues. Note that disabling remote management features does not mitigate this local vector vulnerability.

CVE-2025-15371 vulnerability details – vuln.today

Back

Tenda Network Devices CVE-2025-15371

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

Tenda Network Devices CVE-2025-15371

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code