Submission #740766: Tenda AX12 pro V2 V16.03.49.24_cn Hard-coded Credentials

Title: Tenda AX12 pro V2 V16.03.49.24_cn Hard-coded Credentials
Description: A critical security vulnerability has been identified in the Telnet service of Tenda routers. The device utilizes an insecure, predictable algorithm to generate the root password for the command-line interface (CLI). Instead of a secure, random, or user-set password, the firmware relies on a hardcoded credential generation mechanism. The password is derived by combining the device's MAC address with a static hardcoded string found within the firmware binary, and then encoding the result in Base64. This mechanism effectively functions as a vendor backdoor. Since the MAC address is publicly visible (on the device label) and easily discoverable via network scanning (ARP), and the hardcoded string is constant across all devices of this model, an attacker can trivially calculate the root password for any target device without prior authentication.
Source: ⚠️ https://github.com/QIU-DIE/CVE/issues/49
User: hhsw34 (UID 91076)
Submission: 16/01/2026 01:34 PM (5 months ago)
Moderation: 29/01/2026 01:32 PM (13 days later)
Status: Accepted
VulDB entry: 343378 [Tenda AX12 Pro V2 16.03.49.24_cn Telnet Service weak authentication]
Points: 20
