Published: 13/07/2020 Updated: 21/11/2024

A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote malicious users to start a telnetd service on the device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tenda ac15 firmware 15.03.05.19

A vuln existss in Tenda AC6 router which allows an attacker to launch a telnet session with root access.

Equipment Overview Router: Tenda AC1200 (Model AC6) Smart Dual Band WiFi Router Firmware Version: V15030651_multi Linux Version: Linux linux-e06efcf50f50 31090 #5 Thu Oct 8 17:04:23 CST 2020 mips GNU/Linux GCC Version: 447 Busybox Version: v1192 Busybox Functions: [, [[, adduser, arp, arping, ash, awk, brctl, cat, chmod, clear, cp,

Tenda AC1200 (AC6) - Root Access (CVE-2020–10988) Credit: CVE-2020–10988 Simple Python script to call a hidden endpoint (hidden from the Web UI) and enable telnet You are then able to use the default hardcoded Username (root) and Password (Fireitup) to telnet

CWE-798 https://nvd.nist.gov https://github.com/cecada/Tenda-AC6-Root-Acces https://www.first.org/epss https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 https://www.ise.io/research/https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 https://www.ise.io/research/

CVE-2020-10988

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect