Default Password Vulnerability in Tenda AC1200 Routers
CVE-2020-28093

7.2HIGH

Key Information:

Vendor: Tenda
Status: Ac1200 Firmware
Vendor: CVE Published:; 28 December 2020

What is CVE-2020-28093?

The Tenda AC1200 Router (Model AC6) contains a significant security flaw due to default passwords that remain unchanged. Users of version 15.03.06.51_multi are particularly at risk, as essential accounts, including admin and user roles, are set to a default password of '1234'. This oversight can lead to unauthorized access, allowing potential attackers to gain control over the device and its settings, compromising the network's overall security.

References

https://github.com/cecada/Tenda-AC6-Root-Acces/blob/main/...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 28, 2020
Vulnerability Reserved
Nov 2, 2020