Published: 13/07/2020 Updated: 15/07/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 891

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote malicious users to start a telnetd service on the device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tenda ac15_firmware 15.03.05.19

Tenda AC1200 (AC6) - Root Access (CVE-2020–10988) Credit: CVE-2020–10988 Simple Python script to call a hidden endpoint (hidden from the Web UI) and enable telnet You are then able to use the default hardcoded Username (root) and Password (Fireitup) to telnet

A vuln existss in Tenda AC6 router which allows an attacker to launch a telnet session with root access.

Equipment Overview Router: Tenda AC1200 (Model AC6) Smart Dual Band WiFi Router Firmware Version: V15030651_multi Linux Version: Linux linux-e06efcf50f50 31090 #5 Thu Oct 8 17:04:23 CST 2020 mips GNU/Linux GCC Version: 447 Busybox Version: v1192 Busybox Functions: [, [[, adduser, arp, arping, ash, awk, brctl, cat, chmod, clear, cp,

CWE-798 https://www.ise.io/research/https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 https://nvd.nist.gov https://github.com/stjohn96/ac6-root https://github.com/cecada/Tenda-AC6-Root-Acces

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-10988

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect