Tenda G1V3.1si Hardcoded Password Vulnerability Allowing Root Login

Vulnerability

A hardcoded password vulnerability has been identified in the Tenda G1V3.1si router, specifically in the V16.01.7.8 firmware. This vulnerability resides in the /etc_ro/shadow file, allowing attackers to log in as root. Although exploitation requires local access and a high level of execution, a Proof of Concept (PoC) has been publicly released, potentially enabling weaponization.

Impact

Exploitation of this vulnerability allows for unauthorized root access on the affected device.

Added: Mar 10, 2026, 9:36 PM

Updated: Mar 10, 2026, 9:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.0

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.0

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda G1V3.1si Hardcoded Password Vulnerability Allowing Root Login

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating