CVE-2026-1610

A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used.

CVSS v3 8.1 HIGH
CVSS v2.0 7.6 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.6^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/QIU-DIE/CVE/issues/49	Broken Link Issue Tracking
https://vuldb.com/?ctiid.343378	Permissions Required VDB Entry
https://vuldb.com/?id.343378	Third Party Advisory VDB Entry
https://vuldb.com/?submit.740766	Third Party Advisory VDB Entry
https://www.tenda.com.cn/	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tenda:ax12_pro_firmware:16.03.49.24_cn:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ax12_pro:2.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-01-29 19:16

Updated : 2026-02-27 13:56

NVD link : CVE-2026-1610

Mitre link : CVE-2026-1610

CVE.ORG link : CVE-2026-1610

JSON object : View

Products Affected

tenda

ax12_pro_firmware
ax12_pro

CWE

CWE-259

Use of Hard-coded Password

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2026-1610", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-29T19:16:19.483", "references": [{"url": "https://github.com/QIU-DIE/CVE/issues/49", "tags": ["Broken Link", "Issue Tracking"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.343378", "tags": ["Permissions Required", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.343378", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.740766", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://www.tenda.com.cn/", "tags": ["Product"], "source": "cna@vuldb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-259"}, {"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Tenda AX12 Pro V2 16.03.49.24_cn. Afectada por este problema es alguna funcionalidad desconocida del componente Servicio Telnet. Realizar una manipulaci\u00f3n resulta en credenciales codificadas de forma r\u00edgida. El ataque es posible de ser llevado a cabo remotamente. Un alto grado de complejidad es necesario para el ataque. La explotaci\u00f3n se sabe que es dif\u00edcil. El exploit ha sido hecho p\u00fablico y podr\u00eda ser usado."}], "lastModified": "2026-02-27T13:56:43.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ax12_pro_firmware:16.03.49.24_cn:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "187E6AE9-103B-4DC2-982B-D37AAFC6BFEA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ax12_pro:2.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4018DDD5-2D46-4EBA-8014-100CBD55E9CA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cna@vuldb.com"}