Description
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 (V603) allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write arbitrary memory via the serial console.
Published: 2026-06-26
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a physically proximate attacker to read stored WPA2 credentials in cleartext and to read or write arbitrary memory via the UART debug console, because the rr/wr memory read/write commands lack authentication. The weaknesses involve insecure storage of sensitive information (CWE‑312) and improper access control on the debug console, which together enable an attacker to disclose network credentials and manipulate memory content on the device. The description does not state that firmware is compromised or that configuration can be changed, so the impact is limited to data exposure and memory modification as described.

Affected Systems

The affected product is the Tenda N300 F3 (V603), a consumer Wi‑Fi router manufactured by Tenda. No other vendors or product versions appear to be impacted in the available data.

Risk and Exploitability

Exploitation requires physical proximity to the router’s serial interface. Once accessed, an attacker can read or write any memory location via the UART console, which may lead to further attacks but is not explicitly documented in the description. The CVSS score is 4.6, the EPSS score is < 1 %, and the vulnerability is not listed in CISA’s KEV catalog.

Generated by OpenCVE AI on June 29, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or lock the UART debug console to prevent unauthenticated serial access
  • Physically secure or lock the router to prevent unauthorized access to its serial interface
  • Check the vendor’s website for firmware updates that address this vulnerability and apply them if available

Generated by OpenCVE AI on June 29, 2026 at 18:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda n300 F3
Vendors & Products Tenda
Tenda n300 F3

Mon, 29 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title Cleartext WPA2 Credentials and Unauthenticated Memory Access via UART on Tenda N300

Mon, 29 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Title Cleartext WLAN Credentials Exposure and UART Memory Manipulation
Weaknesses CWE-200
CWE-285
CWE-311

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-312
Metrics cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Cleartext WLAN Credentials Exposure and UART Memory Manipulation
Weaknesses CWE-200
CWE-285
CWE-311

Fri, 26 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 (V603) allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write arbitrary memory via the serial console.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-29T13:32:09.896Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-38571

cve-icon Vulnrichment

Updated: 2026-06-29T13:30:56.032Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T20:08:28Z

Weaknesses
  • CWE-312

    Cleartext Storage of Sensitive Information