CVE-2024-46436

Name of the Vulnerable Software and Affected Versions Tenda W18E version V16.01.0.8(1625)

Description The issue concerns hardcoded credentials in the Tenda W18E device, allowing unauthenticated remote attackers to gain root access to the device over the telnet service. This enables attackers to access the device without proper authentication, potentially leading to unauthorized control and data breaches.

Recommendations For Tenda W18E version V16.01.0.8(1625), consider disabling the telnet service until a patch is available to prevent exploitation of the hardcoded credentials. Additionally, restricting access to the device and implementing strong authentication mechanisms can help minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.