CVE-2024-46436

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

8.3HIGH

EPSS

1.0%

top 23.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda W18e Firmware

Timeline

PublishedFeb 10

Description

Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages1 packages

▶NVDtenda/w18e_firmware16.01.0.8\(1625\)

🔴Vulnerability Details

CVEList

CVE-2024-46436: Hardcoded credentials in Tenda W18E V16↗2025-02-10

▶

GHSA

GHSA-v52w-cjm4-xvwf: Hardcoded credentials in Tenda W18E V16↗2025-02-10

▶