| タイトル | Tenda AX12 pro V2 V16.03.49.24_cn Hard-coded Credentials |
|---|
| 説明 | A critical security vulnerability has been identified in the Telnet service of Tenda routers. The device utilizes an insecure, predictable algorithm to generate the password for the command-line interface (CLI).root
Instead of a secure, random, or user-set password, the firmware relies on a hardcoded credential generation mechanism. The password is derived by combining the device's MAC address with a static hardcoded string found within the firmware binary, and then encoding the result in Base64.
This mechanism effectively functions as a vendor backdoor. Since the MAC address is publicly visible (on the device label) and easily discoverable via network scanning (ARP), and the hardcoded string is constant across all devices of this model, an attacker can trivially calculate the root password for any target device without prior authentication. |
|---|
| ソース | ⚠️ https://github.com/QIU-DIE/CVE/issues/49 |
|---|
| ユーザー | hhsw34 (UID 91076) |
|---|
| 送信 | 2026年01月16日 13:34 (5 月 ago) |
|---|
| モデレーション | 2026年01月29日 13:32 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 343378 [Tenda AX12 Pro V2 16.03.49.24_cn Telnet Service 弱い認証] |
|---|
| ポイント | 20 |
|---|