Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Tenda AC18 Samba Configuration Vulnerability Leading to Weak Passwords

Vulnerability

Exploited

A vulnerability exists in the Tenda AC18 router running version 15.03.05.19, specifically within the Samba component. The issue arises from an insecure configuration in the Samba configuration file, /etc_ro/smb.conf, which allows accounts with null passwords to be accessed. This misconfiguration can be exploited remotely, enabling unauthorized access to shared resources without proper authentication. Such access could result in information disclosure or unauthorized manipulation of data.

Impact

Exploitation of this vulnerability could allow remote attackers to gain unauthorized access to accounts with null passwords, potentially leading to unauthorized access to shared resources and associated data.

Added: Jul 26, 2025, 9:18 AM

Updated: Jul 26, 2025, 9:18 AM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

5.0

exploitability

9.4

remediation

0.0

relevance

0.3

threat

8.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

5.0

exploitability

9.4

remediation

0.0

relevance

0.3

threat

8.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Tenda AC18 Samba Configuration Vulnerability Leading to Weak Passwords

Vulnerability

Impact

Affected Products

Samba

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating