Tenda W18E Default Credentials Vulnerability Allowing Unauthenticated Access to Web Management Portal

Vulnerability

A vulnerability exists in the Tenda W18E router, specifically in version V16.01.0.8(1625), due to default credentials that allow unauthenticated remote attackers to access the web management portal. The default rzadmin account, which has administrative privileges, can be used to gain access.

Impact

Exploitation of this vulnerability allows for unauthorized access to the router's web management portal with administrative rights, enabling an attacker to make changes to the router's configuration or management settings.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

8.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

8.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda W18E Default Credentials Vulnerability Allowing Unauthenticated Access to Web Management Portal

Vulnerability

Impact

Affected Products

Tenda W18E

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating