Tenda W18E Hardcoded Credentials Vulnerability Allowing Unauthenticated Access to Web Management Portal

Vulnerability

A vulnerability exists in the Tenda W18E router, specifically in version V16.01.0.8(1625), due to hardcoded credentials that allow unauthenticated remote attackers to access the web management portal. This is achieved by using a default guest account that has administrative privileges.

Impact

Exploitation of this vulnerability allows for unauthorized access to the router's web management portal with administrative rights, potentially leading to further configuration changes or management of the device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

8.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

8.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda W18E Hardcoded Credentials Vulnerability Allowing Unauthenticated Access to Web Management Portal

Vulnerability

Impact

Affected Products

Tenda W18E

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating