Hardcoded Password Vulnerability in Tenda W9 Router
CVE-2024-52788

8HIGH

Key Information:

Vendor: Tenda
Status: W9 Router
Vendor: CVE Published:; 19 November 2024

What is CVE-2024-52788?

The Tenda W9 Router (version v1.0.0.7(4456)) has been identified with a serious hardcoded password vulnerability located in the /etc_ro/shadow file. This weakness allows unauthorized users to gain root access to the device, significantly compromising the integrity and confidentiality of the network. It highlights the critical importance of securing default credentials and ensuring that firmware vulnerabilities are promptly addressed.

References

https://colorful-meadow-5b9.notion.site/W9_HardCode_vuln-...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2024

CVE-2024-52788 Data

JSON