What is CVE-2025-15371?

CVE-2025-15371 is a high-severity vulnerability in Tenda 4g03 Pro, classified under Use of Hard-coded Password. CVSS score: 7.8/10. Published 2025-12-31.

How severe is CVE-2025-15371?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Tenda 4g03 Pro

CVE-2025-15371

A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-co…

EPSS: 0.000 (1.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Tenda 4g03 Pro — versions 1.0.0.35, 3.0.0.8(4008), 04.03.01.49
Tenda 4g05 — versions 1.0.0.35, 3.0.0.8(4008), 04.03.01.49
Tenda 4g08 — versions 1.0.0.35, 3.0.0.8(4008), 04.03.01.49
Tenda G0-8g-poe — versions 1.0.0.35, 3.0.0.8(4008), 04.03.01.49
Tenda I24 — versions 1.0.0.35, 3.0.0.8(4008), 04.03.01.49
Tenda Nova Mw5g — versions 1.0.0.35, 3.0.0.8(4008), 04.03.01.49
Tenda Teg5328f — versions 1.0.0.35, 3.0.0.8(4008), 04.03.01.49

Weakness classification (CWE)

References

VDB-339075 | Tenda i24 Shadow File hard-coded credentials (technical-description, vdb-entry)
VDB-339075 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #727155 | Tenda Tenda i24v3.0 V3.0.0.8(4008) V3.0.0.8(4008) Hard-coded Credentials (third-party-advisory)
Submit #727283 | Tenda 4G03ProV1.0re V04.03.01.49 Hard-coded Credentials (Duplicate) (third-party-advisory)
Submit #727284 | Tenda 4G05V1.0re V04.05.01.15 Hard-coded Credentials (Duplicate) (third-party-advisory)
Submit #727285 | Tenda 4G08V1.0re V04.08.01.28 Hard-coded Credentials (Duplicate) (third-party-advisory)
Submit #727302 | Tenda G0-8G-PoEV2.0si V16.01.8.5 Hard-coded Credentials (Duplicate) (third-party-advisory)
Submit #727305 | Tenda MW5GV1.0re V1.0.0.35 Hard-coded Credentials (Duplicate) (third-party-advisory)
Submit #727306 | Tenda TEG5328FV1.0ma V65.10.15.6 Hard-coded Credentials (Duplicate) (third-party-advisory)
cna@vuldb.com (exploit)

Frequently asked questions

What is CVE-2025-15371?: CVE-2025-15371 is a high-severity vulnerability in Tenda 4g03 Pro, classified under Use of Hard-coded Password. CVSS score: 7.8/10. Published 2025-12-31.
How severe is CVE-2025-15371?: High severity. CVSS v3 base score is 7.8 out of 10.