CVE-2026-10045
Deferred Deferred - Pending Action

Hardcoded Credentials and Telnet Enabled in DR300 Router

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: CERT/CC

Description
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-30
AI Q&A
2026-06-09
EPSS Evaluated
2026-06-28
NVD
CVE-2026-10045
EUVD
EUVD-2026-35790

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
shenzhen_kangda_xin_intelligent_network_technology_company dr300 2.1.2.121

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can lead to severe security risks including unauthorized control over the router, potential interception or manipulation of network traffic, and exposure of connected devices.

Attackers could modify the router's firmware to maintain persistent access or launch further attacks within the network, compromising confidentiality, integrity, and availability of data and services.

Executive Summary

The Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300 version 2.1.2.121, has hardcoded login credentials and telnet enabled by default on both WAN and LAN interfaces. These security flaws allow attackers to gain unauthorized access to the device.

Once accessed, attackers can read and write to the router's memory, modify the firmware stored in flash memory, inspect active network connections, and view devices currently connected to the router.

Detection Guidance

This vulnerability involves hardcoded login credentials and telnet enabled by default on WAN and LAN interfaces of the Shenzhen Kangda Xin Intelligent Network Technology Company DR300 router, version 2.1.2.121.

To detect this vulnerability on your network or system, you can scan for devices with telnet ports open (typically port 23) on both WAN and LAN interfaces.

  • Use a network scanning tool such as nmap to identify devices with port 23 open: nmap -p 23 <target-ip-range>
  • Attempt to connect via telnet to the identified devices to check for hardcoded credentials: telnet <device-ip>
  • Check router firmware version if accessible to confirm if it matches version 2.1.2.121.
Mitigation Strategies

Immediate mitigation steps include disabling telnet access on both WAN and LAN interfaces to prevent unauthorized access.

Change or remove any hardcoded login credentials if possible, or replace the affected router with a secure model.

Restrict network access to the router management interfaces to trusted hosts only.

Monitor network traffic for unusual activity that may indicate exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10045. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart