Unauthorized Root Access Vulnerability in Tenda W18E Devices
CVE-2024-46436

8.3HIGH

Key Information:

Vendor: Tenda
Status: W18E
Vendor: CVE Published:; 10 February 2025

Summary

The Tenda W18E V16.01.0.8(1625) is vulnerable due to hardcoded credentials, which can be exploited by unauthenticated remote attackers. This vulnerability allows malicious actors to gain unauthorized root access to the device via the Telnet service, potentially compromising the integrity and security of the network. Users are advised to update their devices and take appropriate security measures to mitigate this risk.

References

https://reddassolutions.com/blog/tenda_w18e_security_rese...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 10, 2025
Vulnerability Reserved
Sep 11, 2024