CVE-2025-70802
Published: 10 March 2026
Summary
CVE-2025-70802 is a high-severity Use of Hard-coded Password (CWE-259) vulnerability in Tenda G1 Firmware. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Local Accounts (T1078.003). The CVE ranks at the 6.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and IA-5 (Authenticator Management).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
IA-5 mandates proper authenticator management including changing default content and protecting from disclosure, directly preventing hardcoded root passwords in the shadow file.
SI-2 requires identification, reporting, and correction of flaws like hardcoded passwords in firmware, mitigating the vulnerability through remediation.
CM-6 enforces secure baseline configuration settings, directly addressing insecure hardcoded credentials in files like /etc_ro/shadow.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Hardcoded root password in /etc_ro/shadow directly supplies a valid local account (T1078.003) and constitutes unsecured credentials stored in a file (T1552.001).
NVD Description
Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
Deeper analysis [AI]
CVE-2025-70802 is a hardcoded password vulnerability (CWE-259) in the Tenda G1V3.1si firmware version V16.01.7.8, specifically within the /etc_ro/shadow file. This flaw allows attackers to authenticate as the root user by exploiting the static credentials embedded in the system. The vulnerability was published on 2026-03-10 and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.
Exploitation requires local access to the affected device, with low attack complexity, no privileges, and no user interaction needed. An attacker with such access—such as through physical proximity or prior network foothold—can use the hardcoded password to log in as root, achieving high-impact unauthorized access that compromises confidentiality, integrity, and availability of the router.
Advisories and further details are available in the vulnerability report at https://github.com/vuln-1/vuln/blob/main/Tenda/G1V3.1si_V16.01.7.8/report-1.md and on the Tenda website at https://www.tendacn.com/. No specific patch or mitigation steps are outlined in the provided references.
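A firmware review step that would surface this class of flaw before deployment, in line with the IA-5 and CM-6 controls above, is to scan the unpacked root filesystem for shadow or passwd entries that carry a usable password hash. The following is an added example, not code from the advisory or from Tenda; it assumes the image has already been extracted to a directory, and the sample tree and hash value in it are constructed placeholders.

```python
import os
import tempfile

SHADOW_NAMES = {"shadow", "shadow-", "passwd"}

def classify(field):
    """Classify the password field of a shadow/passwd entry."""
    if field == "":
        return "empty"       # account logs in with no password
    if field == "x":
        return "deferred"    # passwd entry that points at shadow
    if field[0] in "!*":
        return "locked"      # password login disabled
    if field.startswith("$") or len(field) == 13:
        return "hash"        # modular crypt ($1$, $6$, ...) or DES crypt
    return "unknown"

def audit_rootfs(root):
    """Return (relative path, account, kind) for each login-capable entry."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name not in SHADOW_NAMES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="replace") as fh:
                for line in fh:
                    parts = line.rstrip("\n").split(":")
                    if len(parts) < 2 or line.startswith("#"):
                        continue
                    kind = classify(parts[1])
                    if kind in ("hash", "empty", "unknown"):
                        findings.append((os.path.relpath(path, root), parts[0], kind))
    return sorted(findings)

def build_sample_rootfs():
    """Constructed sample tree; the hash is a placeholder, not the firmware's value."""
    root = tempfile.mkdtemp(prefix="rootfs-")
    os.makedirs(os.path.join(root, "etc_ro"))
    with open(os.path.join(root, "etc_ro", "shadow"), "w") as fh:
        fh.write("root:$1$PLACEHLD$PLACEHOLDERHASHVALUE00:0:0:99999:7:::\n")
        fh.write("nobody:*:0:0:99999:7:::\n")
    with open(os.path.join(root, "etc_ro", "passwd"), "w") as fh:
        fh.write("root:x:0:0:root:/:/bin/sh\n")
    return root

if __name__ == "__main__":
    for path, user, kind in audit_rootfs(build_sample_rootfs()):
        print(f"{path}: account '{user}' ships with a built-in credential ({kind})")
```

Any finding on a read-only path such as /etc_ro means every unit running that image shares the same credential, so the result belongs in the build's release gate rather than a one-off check.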
Details
- CWE(s)