| 제목 | Tenda AX12 pro V2 V16.03.49.24_cn Hard-coded Credentials |
|---|
| 설명 | A critical security vulnerability has been identified in the Telnet service of Tenda routers. The device utilizes an insecure, predictable algorithm to generate the password for the command-line interface (CLI).root
Instead of a secure, random, or user-set password, the firmware relies on a hardcoded credential generation mechanism. The password is derived by combining the device's MAC address with a static hardcoded string found within the firmware binary, and then encoding the result in Base64.
This mechanism effectively functions as a vendor backdoor. Since the MAC address is publicly visible (on the device label) and easily discoverable via network scanning (ARP), and the hardcoded string is constant across all devices of this model, an attacker can trivially calculate the root password for any target device without prior authentication. |
|---|
| 원천 | ⚠️ https://github.com/QIU-DIE/CVE/issues/49 |
|---|
| 사용자 | hhsw34 (UID 91076) |
|---|
| 제출 | 2026. 01. 16. PM 01:34 (5 개월 ago) |
|---|
| 모더레이션 | 2026. 01. 29. PM 01:32 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 343378 [Tenda AX12 Pro V2 16.03.49.24_cn Telnet Service 약한 인증] |
|---|
| 포인트들 | 20 |
|---|