Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-1610

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-29 Jan, 2026 | 19:02
Updated At-23 Feb, 2026 | 09:06
Rejected At-
Credits

Tenda AX12 Pro V2 Telnet Service hard-coded credentials

A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:29 Jan, 2026 | 19:02
Updated At:23 Feb, 2026 | 09:06
Rejected At:
â–¼CVE Numbering Authority (CNA)
Tenda AX12 Pro V2 Telnet Service hard-coded credentials

A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used.

Affected Products
Vendor
Tenda Technology Co., Ltd.Tenda
Product
AX12 Pro V2
Modules
  • Telnet Service
Versions
Affected
  • 16.03.49.24_cn
Problem Types
TypeCWE IDDescription
CWECWE-798Hard-coded Credentials
CWECWE-259Use of Hard-coded Password
Type: CWE
CWE ID: CWE-798
Description: Hard-coded Credentials
Type: CWE
CWE ID: CWE-259
Description: Use of Hard-coded Password
Metrics
VersionBase scoreBase severityVector
4.09.2CRITICAL
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
3.08.1HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
2.07.6N/A
AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 9.2
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Version: 3.0
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Version: 2.0
Base score: 7.6
Base severity: N/A
Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
hhsw34 (VulDB User)
Timeline
EventDate
Advisory disclosed2026-01-29 00:00:00
VulDB entry created2026-01-29 01:00:00
VulDB entry last update2026-01-30 04:59:41
Event: Advisory disclosed
Date: 2026-01-29 00:00:00
Event: VulDB entry created
Date: 2026-01-29 01:00:00
Event: VulDB entry last update
Date: 2026-01-30 04:59:41
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.343378
vdb-entry
https://vuldb.com/?ctiid.343378
signature
permissions-required
https://vuldb.com/?submit.740766
third-party-advisory
https://github.com/QIU-DIE/CVE/issues/49
broken-link
exploit
issue-tracking
https://www.tenda.com.cn/
product
Hyperlink: https://vuldb.com/?id.343378
Resource:
vdb-entry
Hyperlink: https://vuldb.com/?ctiid.343378
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.740766
Resource:
third-party-advisory
Hyperlink: https://github.com/QIU-DIE/CVE/issues/49
Resource:
broken-link
exploit
issue-tracking
Hyperlink: https://www.tenda.com.cn/
Resource:
product
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:29 Jan, 2026 | 19:16
Updated At:27 Feb, 2026 | 13:56

A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.2HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary2.07.6HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Type: Secondary
Version: 4.0
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 2.0
Base score: 7.6
Base severity: HIGH
Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
CPE Matches
Tenda Technology Co., Ltd.
tenda
>>ax12_pro_firmware>>16.03.49.24_cn
cpe:2.3:o:tenda:ax12_pro_firmware:16.03.49.24_cn:*:*:*:*:*:*:*
Tenda Technology Co., Ltd.
tenda
>>ax12_pro>>2.0
cpe:2.3:h:tenda:ax12_pro:2.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-259Primarycna@vuldb.com
CWE-798Primarycna@vuldb.com
CWE ID: CWE-259
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-798
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/QIU-DIE/CVE/issues/49cna@vuldb.com
Broken Link
Issue Tracking
https://vuldb.com/?ctiid.343378cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.343378cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.740766cna@vuldb.com
Third Party Advisory
VDB Entry
https://www.tenda.com.cn/cna@vuldb.com
Product
Hyperlink: https://github.com/QIU-DIE/CVE/issues/49
Source: cna@vuldb.com
Resource:
Broken Link
Issue Tracking
Hyperlink: https://vuldb.com/?ctiid.343378
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.343378
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.740766
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.tenda.com.cn/
Source: cna@vuldb.com
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

57Records found
CVE-2023-0391
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-8.1||HIGH
EPSS-0.18% / 38.67%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 19:25
Updated-26 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MGT-COMMERCE CloudPanel Shared Certificate

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.

Action-Not Available
Vendor-mgt-commerceMGT-COMMERCE
Product-cloudpanelCloudPanel
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-28875
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.28% / 51.30%
||
7 Day CHG~0.00%
Published-30 Oct, 2024 | 13:35
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be found at address 0x80100910 80100910 40 6d 21 74 ds "@m!t2K1" 32 4b 31 00 It is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below: if ((SECOND_FROM_BOOT_TIME < 300) && (is_equal = strcmp(password,"@m!t2K1")) { return 1;} Where 1 is the return value to admin-level access (0 being fail and 3 being user).

Action-Not Available
Vendor-level1LevelOnelevelone
Product-wbr-6012wbr-6012_firmwareWBR-6012wbr-6012
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-48250
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-8.1||HIGH
EPSS-0.66% / 71.40%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 10:43
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts.

Action-Not Available
Vendor-Bosch Rexroth AGRobert Bosch GmbH
Product-nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)nexo-osnexo_cordless_nutrunner_nxa065s-36v_\(0608842013\)nexo_special_cordless_nutrunner_\(0608pe2272\)nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)nexo_special_cordless_nutrunner_\(0608pe2673\)nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\)nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)nexo_special_cordless_nutrunner_\(0608pe2514\)nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\)nexo_special_cordless_nutrunner_\(0608pe2301\)nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)nexo_special_cordless_nutrunner_\(0608pe2666\)nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\)nexo_special_cordless_nutrunner_\(0608pe2515\)nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\)Nexo cordless nutrunner NXA011S-36V (0608842011)Nexo cordless nutrunner NXV012T-36V (0608842015)Nexo cordless nutrunner NXA011S-36V-B (0608842012)Nexo special cordless nutrunner (0608PE2301)Nexo cordless nutrunner NXA030S-36V-B (0608842007)Nexo special cordless nutrunner (0608PE2514)Nexo cordless nutrunner NXA015S-36V-B (0608842006)Nexo special cordless nutrunner (0608PE2272)Nexo cordless nutrunner NXA065S-36V (0608842013)Nexo cordless nutrunner NXA050S-36V (0608842003)Nexo cordless nutrunner NXA050S-36V-B (0608842008)Nexo special cordless nutrunner (0608PE2666)Nexo special cordless nutrunner (0608PE2673)Nexo cordless nutrunner NXA065S-36V-B (0608842014)Nexo special cordless nutrunner (0608PE2515)Nexo cordless nutrunner NXP012QD-36V-B (0608842010)Nexo cordless nutrunner NXP012QD-36V (0608842005)Nexo cordless nutrunner NXV012T-36V-B (0608842016)Nexo cordless nutrunner NXA015S-36V (0608842001)Nexo cordless nutrunner NXA030S-36V (0608842002)
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-41157
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8.1||HIGH
EPSS-0.34% / 57.13%
||
7 Day CHG~0.00%
Published-25 Nov, 2022 | 00:00
Updated-24 Apr, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ERP solution Remote Code Execution Vulnerability

A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands.

Action-Not Available
Vendor-webcashWebcash Co.,LtdMicrosoft Corporation
Product-windowsserp_server_2.0sERP Server 2.0
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-34151
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.1||HIGH
EPSS-1.17% / 78.85%
||
7 Day CHG~0.00%
Published-04 Jul, 2022 | 01:51
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller.

Action-Not Available
Vendor-omronOMRON Corporation
Product-nx1p2-1040dt_firmwarenj501-4300_firmwarenx701-1620_firmwarenj501-4500_firmwarenx1w-cif01_firmwarenj501-r320nj501-5300nx701-1600nx1w-adb21nj501-r320_firmwarenx102-1220nj501-r300nj101-1020_firmwarena5-12wnx102-1200_firmwarenx102-1100nx1p2-9024dt_firmwarenx1p2-1040dt1na5-12w_firmwarenx1p2-9024dtna5-9wnx701-1700nj501-r420_firmwarenx1w-cif11_firmwarenj501-1300nj501-1420_firmwarenj501-5300_firmwarenx1w-dab21vnj101-1020nj501-r420nx1w-adb21_firmwarenx701-z700nx1p2-1140dt1_firmwarenx102-1120nx1p2-1040dt1_firmwarenj501-4500nx102-1000_firmwarenx102-1000nj-pa3001_firmwarenx102-9020_firmwarenx1w-dab21v_firmwarenj501-1500_firmwarenx701-1720_firmwarenx1w-mab221_firmwarenj101-1000nj-pd3001na5-7wnx1w-mab221na5-15w_firmwarenx102-1100_firmwarenj501-1340nx701-z600_firmwarenj501-1320_firmwarena5-7w_firmwarenx1p2-1140dt_firmwarenx1p2-1040dtnx1p2-1140dt1nx102-1020_firmwarenj501-1420nj501-4310_firmwarenj501-r500_firmwarenx701-1720sysmac_studiona5-9w_firmwarenj501-4320nj501-1500nx1w-cif12_firmwarenj501-140_firmwarenj501-4400nx1w-cif11nj501-r520nj501-140nx701-1600_firmwarenj501-1520nx102-1120_firmwarenj301-1100_firmwarena5-15wnj501-4320_firmwarenj501-r400_firmwarenx1w-cif01nj501-1300_firmwarenj-pa3001nx102-1220_firmwarenj501-4300nj301-1100nj501-4400_firmwarenj101-1000_firmwarenj101-9020_firmwarenx701-1700_firmwarenj301-1200nx102-9020nj-pd3001_firmwarenx701-z600nj101-9000nj501-r500nj501-1320nj501-1340_firmwarenj301-1200_firmwarenj501-1520_firmwarenx1p2-1140dtnx701-z700_firmwarenx1w-cif12nj501-r400nx1p2-9024dt1nx102-1020nx102-1200nj501-r520_firmwarenj101-9020nj501-4310nx701-1620nx1p2-9024dt1_firmwarenj501-r300_firmwarenj101-9000_firmwareMachine automation controller NJ series, Machine automation controller NX series, Automation software 'Sysmac Studio', and Programmable Terminal (PT) NA series
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-29060
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-8.1||HIGH
EPSS-0.46% / 64.06%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 16:35
Updated-25 Oct, 2024 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiddosFortinet FortiDDoS
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-10996
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.57% / 68.92%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 12:45
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.

Action-Not Available
Vendor-perconan/a
Product-xtradb_clustern/a
CWE ID-CWE-838
Inappropriate Encoding for Output Context
CWE ID-CWE-798
Use of Hard-coded Credentials
  • Previous
  • 1
  • 2
  • Next
Details not found