CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

August 17, 2025

CVE ID : CVE-2025-9091

Published : Aug. 17, 2025, 3:15 a.m. | 22 hours, 56 minutes ago

Description : A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Severity: 2.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-9093 – BuzzFeed App Android Improper Component Export Vulnerability

Next Article CVE-2025-9090 – Tenda Telnet Service Command Injection

Highlights

CVE-2025-6008 – KiCode111 like-girl SQL Injection Vulnerability

June 12, 2025

CVE ID : CVE-2025-6008

Published : June 12, 2025, 2:15 a.m. | 2 hours, 57 minutes ago

Description : A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Stop writing tests: Automate fully with Generative AI

Opsera’s Codeglide.ai lets developers easily turn legacy APIs into MCP servers

Black Duck Security GitHub App, NuGet MCP Server preview, and more – Daily News Digest

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

This new Coros watch has 3 weeks of battery life and tracks way more – even fly fishing

5 ways automation can speed up your daily workflow – and implementation is easy

This new C-suite role is more important than ever in the AI era – here’s why

iPhone users may finally be able to send encrypted texts to Android friends with iOS 26

Creating Dynamic Real-Time Features with Laravel Broadcasting

Creating Dynamic Real-Time Features with Laravel Broadcasting

Understanding Tailwind CSS Safelist: Keep Your Dynamic Classes Safe!

Sitecore’s Content SDK: Everything You Need to Know

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Microsoft admits it broke “Reset this PC” in Windows 11 23H2 KB5063875, Windows 10 KB5063709

How to Fix “EA AntiCheat Has Detected an Incompatible Driver” on Windows 11?

CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

Investors beware: AI-powered financial scams swamp social media

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

Chris Hansen targets Roblox as its shares plummet — ‘To Catch a Predator’ host investigates its exploitation of children

iOS 19 may give your iPhone a big battery life upgrade – without you needing to do a thing

Top 10 breaches of 2014 attacked ‘old vulnerabilities’, says HP

CVE-2025-54140 – pyLoad Path Traversal Remote Code Execution Vulnerability

CVE-2025-6008 – KiCode111 like-girl SQL Injection Vulnerability

Frontend Standards for Optimizely Configured Commerce: Clean & Scalable Web Best Practices

CVE-2025-5651 – “Traffic Offense Reporting System Cross-Site Scripting Vulnerability”

CVE-2025-47735 – Wgp Rust Lack of Drop Slow Thread Synchronization

CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

Related Posts