Cleartext Storage Vulnerability in Tenda N300 F3 by Tenda
CVE-2026-38571

4.6MEDIUM

Key Information:

Vendor

Tenda

Status
Vendor
CVE Published:
26 June 2026

What is CVE-2026-38571?

The Tenda N300 F3 (V603) contains a vulnerability where WPA2 credentials are stored in cleartext and can be accessed through the unauthenticated UART debug console. This allows a nearby attacker to exploit the debug console to obtain sensitive network credentials, as well as perform arbitrary read and write operations in memory. The lack of authentication further exacerbates the risk, enabling potential physical attackers to compromise device integrity and network security.

References

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.