CVE-2020-10988
Published on: 07/13/2020 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:23:33 PM UTC
Certain versions of Ac15 from Tenda contain the following vulnerability:
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.
- CVE-2020-10988 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
CVSS3 Score: 9.8 - CRITICAL
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 10 - HIGH
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags | Link |
---|---|---|
Research - Independent Security Evaluators | Third Party Advisory www.ise.io text/html | MISC www.ise.io/research/ |
Tenda AC15 AC1900 Vulnerabilities Discovered and Exploited | by Sanjana Sarda | Independent Security Evaluators | Exploit Third Party Advisory blog.securityevaluators.com text/html | MISC blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Hardware | Tenda | Ac15 | - | All | All | All |
Operating System | Tenda | Ac15 Firmware | 15.03.05.19 | All | All | All |
- cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*:
- cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE