Executive Summary

CVE-2026-1610 is a critical vulnerability in the Tenda AX12 Pro V2 router's Telnet service. The root password is generated using a predictable algorithm that concatenates the device's MAC address with a static hardcoded string embedded in the firmware, then encodes this combination using Base64. Since the MAC address is publicly accessible and the hardcoded string is constant across devices, attackers can compute the root password without authentication, effectively creating a vendor backdoor that allows remote unauthorized access. [1, 2, 3]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows attackers to gain unauthenticated root access to the router, enabling full system compromise. Attackers can modify the file system, install persistent malware such as Mirai or Gafgyt botnets, intercept all network traffic, and maintain persistent unauthorized access even if the web interface password is changed. The vulnerability enables automated mass exploitation, allowing worms to scan for vulnerable devices and infect them rapidly, potentially compromising entire networks. [1, 3]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by scanning your network for Tenda AX12 Pro V2 devices running firmware version 16.03.49.24_cn that have the Telnet service enabled. Since the root password is generated by combining the device's MAC address with a static hardcoded string and then Base64 encoding it, you can identify vulnerable devices by checking for active Telnet ports (usually port 23) on these devices. Network scanning tools like nmap can be used to detect open Telnet services. For example, you can run: `nmap -p 23 --open <target-ip-range>` to find devices with Telnet enabled. Additionally, you can retrieve the MAC address of the device (via ARP scanning or device label) and attempt to compute the root password using the known algorithm (concatenate MAC address with the static string and Base64 encode) to verify if the device is vulnerable. However, no specific detection commands are provided in the resources. [2, 3]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include disabling the Telnet service on the affected Tenda AX12 Pro V2 router to prevent remote exploitation. Since the vulnerability involves hardcoded credentials that cannot be changed by the user, it is recommended to update the router firmware as soon as the vendor releases a patch that removes the hardcoded password logic. Until a firmware update is available, users should disable remote management access via WAN and isolate the device in a separate VLAN or network segment to limit potential compromise. Replacing the device with an alternative product that does not have this vulnerability is also suggested. Additionally, using secure protocols like SSH instead of Telnet is advised when possible. [1, 3]

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows remote attackers to gain unauthenticated root access to the Tenda AX12 Pro V2 router via hard-coded credentials in the Telnet service. This can lead to full system compromise, including interception of all network traffic and installation of persistent malware. Such unauthorized access and potential data breaches could violate common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data. The presence of a vendor backdoor and lack of mitigation options increase the risk of non-compliance due to inadequate security controls and potential exposure of confidential information. [1, 3]

Useful 0 Not Useful 0