CVE-2025-15371 – Tenda i24 Shadow File hard-coded credentials

CVE ID : CVE-2025-15371

Published : Dec. 31, 2025, 1:15 a.m. | 1 hour, 8 minutes ago

Description : A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…