CVE-2025-8182

5.6 MEDIUM

📋 TL;DR

This vulnerability in Tenda AC18 routers allows attackers to exploit weak password requirements in the Samba configuration file. Attackers can potentially gain unauthorized access to SMB shares if they can guess or brute-force weak passwords. Only Tenda AC18 router users running the affected firmware version are impacted.

💻 Affected Systems

Products:
  • Tenda AC18
Versions: 15.03.05.19
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default Samba configuration file; users who have modified SMB settings may have different exposure.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Unauthorized access to SMB shares containing sensitive files, potentially leading to data theft or lateral movement within the network.

🟠 Likely Case: Limited impact due to high attack complexity and difficulty of exploitation; attackers would need to guess weak passwords that users might have set.

🟢 If Mitigated: Minimal impact if strong passwords are already enforced or SMB services are disabled.

🌐 Internet-Facing: MEDIUM - Attack can be initiated remotely, but exploitation difficulty reduces immediate risk.
🏢 Internal Only: MEDIUM - Same risk profile applies whether accessed internally or externally due to remote attack vector.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploit requires guessing or brute-forcing weak passwords; disclosed publicly but difficult to execute successfully.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

  1. Check the Tenda website for firmware updates.
  2. Download the latest firmware.
  3. Upload it via the router admin interface.
  4. Reboot the router after the update.

🔧 Temporary Workarounds

Disable SMB services

Turn off SMB file sharing to eliminate the attack surface completely

  1. Log in to the router admin interface
  2. Navigate to USB Settings or File Sharing
  3. Disable Samba/SMB sharing

Enforce strong SMB passwords

Require complex passwords for all SMB user accounts

Change SMB user passwords to 12+ characters with a mix of uppercase letters, lowercase letters, digits, and symbols

🧯 If You Can't Patch

  • Disable SMB file sharing entirely through router settings
  • Implement network segmentation to isolate router from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the admin interface; if the version is 15.03.05.19, the system is vulnerable.

Check Version:

Log in to the router admin panel at 192.168.0.1 or 192.168.1.1 and check System Status or Firmware Version

Verify Fix Applied:

After firmware update, verify version is newer than 15.03.05.19; check that SMB passwords meet complexity requirements.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed SMB authentication attempts
  • Unusual SMB connection patterns from external IPs

Network Indicators:

  • SMB traffic (ports 139/445) to router from unexpected sources
  • Brute-force patterns in SMB authentication

SIEM Query:

source="router_logs" AND (event="SMB_auth_failed" OR port=139 OR port=445) | stats count by src_ip
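
The query above counts events per source with no time bound. As an added example (not part of the original advisory and not Tenda tooling), the sketch below applies a sliding window so that only bursts of failed SMB logins are flagged. The log layout, the field names taken from the query (event, src_ip, port), the threshold and the window are all assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The key=value layout and field names follow the
# SIEM query above; they are assumptions, not a documented Tenda log format.
SAMPLE = [
    *(f"2025-08-01T10:00:{s:02d} event=SMB_auth_failed src_ip=203.0.113.7 port=445"
      for s in range(0, 12, 2)),                      # 6 failures in 10 seconds
    *(f"2025-08-01T10:{m:02d}:00 event=SMB_auth_failed src_ip=198.51.100.9 port=445"
      for m in range(5, 30, 5)),                      # 5 failures over 20 minutes
    "2025-08-01T10:01:00 event=SMB_auth_failed src_ip=192.168.0.50 port=139",
    "2025-08-01T10:01:09 event=SMB_auth_ok src_ip=192.168.0.50 port=139",
    "truncated line with no timestamp",
]

def parse(line):
    """Return (timestamp, fields), or None when the line does not parse."""
    ts_text, _, rest = line.strip().partition(" ")
    try:
        ts = datetime.fromisoformat(ts_text)
    except ValueError:
        return None
    return ts, dict(p.split("=", 1) for p in rest.split() if "=" in p)

def brute_force_sources(lines, threshold=5, window=timedelta(seconds=60)):
    """Map src_ip -> peak failure count, for sources that reach `threshold`
    failed SMB logins (ports 139/445) within any `window`."""
    events = [e for e in map(parse, lines) if e]
    events.sort(key=lambda e: e[0])                   # tolerate out-of-order logs
    recent, peak = defaultdict(deque), {}
    for ts, f in events:
        src = f.get("src_ip")
        if not src or f.get("event") != "SMB_auth_failed":
            continue
        if f.get("port") not in ("139", "445"):
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:                     # drop failures outside the window
            q.popleft()
        if len(q) >= threshold:
            peak[src] = max(peak.get(src, 0), len(q))
    return peak

if __name__ == "__main__":
    for src, count in brute_force_sources(SAMPLE).items():
        print(f"{src}: {count} failed SMB logins within the window")
```

With the default 60-second window the slow source at 198.51.100.9 is not flagged; widening the window catches low-and-slow guessing at the cost of more alerts from ordinary mistyped passwords.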
