| Title | Tenda AC9 V15.03.05.19 Hard-coded Credentials |
|---|
| Description | A hard-coded credentials vulnerability was identified in the Tenda Wi-Fi 5 Router AC9 device running firmware version ac9_kf_V15.03.05.19. The root user account uses a hard-coded password. This password is stored in the file /etc_ro/shadow using MD5-crypt hashing, which can be easily decrypted by tools like John and exploited. For instance, it allows unauthorized root access to the device through network-accessible services or the administrative interface. |
|---|
| Source | ⚠️ https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e4.md |
|---|
| User | Yu_Bao (UID 89348) |
|---|
| Submission | 08/22/2025 09:04 (10 months ago) |
|---|
| Moderation | 08/30/2025 15:58 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 322022 [Tenda AC9 15.03.05.19 Administrative Interface /etc_ro/shadow hard-coded credentials] |
|---|
| Points | 20 |
|---|