Tenda i24V3.0 router's admin password is hardcoded and publicly available

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.4

Tenda i24V3.0 router's admin password is hardcoded and publicly available

CVE-2025-70798

Summary

The Tenda i24V3.0 router's admin password is left unchanged and easily accessible, allowing anyone to gain full control of the device remotely. This means that an attacker could potentially take over the router and disrupt your internet connection or use it to launch further attacks. To protect your network, change your router's admin password to a strong, unique one.

Original title

Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

Original description

Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

Vulnerability type

CWE-259

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026