Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-52363

Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access

Published

2025-07-14T18:15:23.400

Last Modified

2025-08-02T01:36:30.260

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tenda	cp3_pro_firmware	22.5.4.93	Yes
Hardware	tenda	cp3_pro	-	No

References

https://cybermaya.in/posts/Post-39/ Exploit, Third Party Advisory ([email protected])
https://www.tendacn.com/product/download/cp3pro.html Broken Link ([email protected])