Description
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.
Published: 2026-06-09
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The router model DR300 from Shenzhen Kangda Xin Intelligent Network Technology includes default telnet services on both WAN and LAN interfaces and hardcoded login credentials. These weaknesses allow an attacker who gains access to the telnet service to read and write the router’s memory, overwrite firmware stored in flash, and inspect active network connections and connected devices, effectively enabling remote firmware modification and extensive system control.

Affected Systems

Vendor Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd. product DR300, specifically version 2.1.2.121.

Risk and Exploitability

Because the credentials are fixed and telnet is enabled by default, remote exploitation is straightforward once the network is reachable. The CVSS score of 9.8 highlights the criticality of this vulnerability. The vulnerability is likely to be widely exploitable via the internet, but no EPSS score is currently available and the vulnerability is not listed in the CISA KEV catalog. Attackers would target the telnet service over the WAN or LAN interfaces to achieve unauthorized read/write access, which could lead to permanent firmware compromise or persistent remote code execution.

Generated by OpenCVE AI on June 9, 2026 at 21:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable telnet access on both WAN and LAN interfaces through the router’s management interface or configuration file.
  • Change the default hardcoded credentials to unique, strong passwords for all user accounts.
  • Upgrade the router to a firmware release that removes the default telnet service and enforces secure authentication; if no update exists, block telnet ports at the network perimeter.

Generated by OpenCVE AI on June 9, 2026 at 21:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-522

Tue, 09 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.
Title CVE-2026-10045
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-06-09T19:09:45.684Z

Reserved: 2026-05-28T21:12:31.476Z

Link: CVE-2026-10045

cve-icon Vulnrichment

Updated: 2026-06-09T19:09:24.636Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:31.760

Modified: 2026-06-09T20:16:31.767

Link: CVE-2026-10045

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T21:15:05Z

Weaknesses