Tenda AC20 Root Hardcoded Credentials Vulnerability

Summary

A hardcoded credentials vulnerability exists in the Tenda AC20 router (firmware V16.03.08.12). The root user account uses a hardcoded password stored in the file with an MD5-crypt hash. Attackers can obtain the root password using password-cracking tools, gaining unauthorized access.

Details

Vendor: Tenda
Product: Tenda AC20
Firmware Version: V16.03.08.12
Component: (root user authentication)
Vulnerability Type: Use of Hardcoded Credentials (CWE-798)
CVE ID: CVE-2025-9091
Reported by: n0ps1ed (n0ps1edzz@gmail.com)

Description

The vulnerability arises from the hardcoded root user password in the firmware. Analysis revealed the root password hash in the file, which was cracked to reveal the plaintext password "Fireitup".

Key Findings

1. Firmware Extraction: Extracted firmware file .
2. Shadow File Analysis: Examined for root user's password hash.
3. Password Cracking: Used John the Ripper to crack the hash, revealing "Fireitup".
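
The following is an added example, not part of the original advisory and not vendor code: a check a firmware reviewer could run over shadow-format entries from an unpacked image to flag accounts that ship with a usable password, including ones stored as MD5-crypt. The function names are hypothetical, and the sample entries and hash strings are constructed placeholders.

```python
import re

# crypt(3) scheme ids mapped to (name, weak_for_password_storage).
SCHEMES = {
    "1": ("md5-crypt", True), "5": ("sha256-crypt", False),
    "6": ("sha512-crypt", False), "y": ("yescrypt", False),
    "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False),
}

def classify(field):
    """Classify the password field (second column) of one shadow entry."""
    if field == "":
        return ("empty-password", None)      # login with no password
    if field[0] in "!*":
        return ("locked", None)              # password login disabled
    m = re.match(r"\$([0-9a-z]+)\$", field)
    if m:
        # Unknown scheme ids are reported as weak so they get reviewed.
        name, weak = SCHEMES.get(m.group(1), ("unknown-scheme", True))
        return ("weak-hash" if weak else "hash", name)
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return ("weak-hash", "des-crypt")    # traditional 13-character crypt
    return ("unrecognised", None)

def audit(shadow_text):
    """Return (user, status, scheme) for every entry that is not locked.

    Any usable entry in a firmware image is identical on every device that
    runs the image, so each result is a hardcoded credential (CWE-798).
    """
    findings = []
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if not parts[0] or parts[0].startswith("#"):
            continue                         # blank line or comment
        if len(parts) < 2:
            findings.append((parts[0], "malformed", None))
            continue
        status, scheme = classify(parts[1])
        if status != "locked":
            findings.append((parts[0], status, scheme))
    return findings

# Constructed sample entries; the hash strings are placeholders, not real hashes.
SAMPLE = """\
root:$1$CONSTRCT$AAAAAAAAAAAAAAAAAAAAAA:0:0:99999:7:::
admin:$6$CONSTRUCTEDSALT$BBBBBBBBBBBBBBBB:0:0:99999:7:::
support::0:0:99999:7:::
nobody:*:0:0:99999:7:::
daemon:!$1$CONSTRCT$AAAAAAAAAAAAAAAAAAAAAA:0:0:99999:7:::
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A stronger hash scheme only raises the cost of recovery; an entry reported as `hash` is still a credential shared by every unit, so the fix is a per-device or first-boot password rather than a different algorithm.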