CVE-2026-38571
Deferred Deferred - Pending Action

Tenda N300 F3 (V603) WPA2 Credential Exposure and Memory Access Vulnerabilities

Vulnerability report for CVE-2026-38571, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-29

Assigner: MITRE

Description

Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 (V603) allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write arbitrary memory via the serial console.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-29
Generated
2026-07-17
AI Q&A
2026-06-27
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tenda n300_f3 v603

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the Tenda N300 F3 (V603) device's UART debug console, which is unauthenticated and accessible to anyone physically near the device.

An attacker can exploit missing authentication on the read/write memory commands (rr/wr) in this console to access stored WPA2 credentials in cleartext.

Additionally, the attacker can read or write arbitrary memory via the serial console, potentially compromising the device further.

Impact Analysis

A physically proximate attacker can obtain your WPA2 credentials in cleartext, which compromises your wireless network security.

With access to these credentials, the attacker could connect to your network, intercept traffic, or launch further attacks.

The ability to read or write arbitrary memory via the serial console could allow the attacker to alter device behavior or extract sensitive information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-38571. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart