Hardcoded Password Vulnerability in Tenda i29V1.0 Router
CVE-2024-35338

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: I29 Firmware
Vendor: CVE Published:; 16 July 2024

What is CVE-2024-35338?

The Tenda i29V1.0 Router, specifically version V1.0.0.5, has been identified to contain a security vulnerability due to a hardcoded password associated with the root account. This flaw presents a significant risk, as it allows potential attackers unauthorized access to administrative controls of the device. Such vulnerabilities can lead to unauthorized alterations to the network settings, data interception, and other malicious activities targeting users' network environments. Addressing this issue is crucial for maintaining the security and integrity of networks utilizing the affected router model.

References

https://palm-vertebra-fe9.notion.site/hardcode_i29-e1ed38...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2024