| tiêu đề | Tenda AC10 V4 US_AC10V4.0si_V16.03.10.10_multi_TDE01 Cryptographic Issues |
|---|
| Mô tả | An unencrypted RSA 2048-bit private key used by the httpd TLS server is stored in a web-accessible directory at /webroot_ro/pem/privkeySrv.pem in Tenda AC10 V4 firmware V16.03.10.10. The file is retrievable without authentication. An attacker can use the exposed key to decrypt all HTTPS traffic to and from the device, perform man-in-the-middle attacks, and capture admin credentials submitted via the login page. The corresponding certificate uses a deprecated SHA-1 signature and is self-signed, compounding the issue. |
|---|
| Nguồn | ⚠️ https://github.com/somanyerrors/tenda-ac10v4-vulnerabilities/blob/main/findings/CRITICAL-05-exposed-rsa-private-key.md |
|---|
| Người dùng | CoreNode (UID 96566) |
|---|
| Đệ trình | 18/03/2026 16:34 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 04/04/2026 15:28 (17 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 355313 [Tenda AC10 16.03.10.10_multi_TDE01 RSA 2048-bit Private Key privkeySrv.pem mã hóa yếu] |
|---|
| điểm | 20 |
|---|