Impact
The vulnerability allows a physically proximate attacker to read stored WPA2 credentials in cleartext and to read or write arbitrary memory via the UART debug console, because the rr/wr memory read/write commands lack authentication. The weaknesses involve insecure storage of sensitive information (CWE‑312) and improper access control on the debug console, which together enable an attacker to disclose network credentials and manipulate memory content on the device. The description does not state that firmware is compromised or that configuration can be changed, so the impact is limited to data exposure and memory modification as described.
Affected Systems
The affected product is the Tenda N300 F3 (V603), a consumer Wi‑Fi router manufactured by Tenda. No other vendors or product versions appear to be impacted in the available data.
Risk and Exploitability
Exploitation requires physical proximity to the router’s serial interface. Once accessed, an attacker can read or write any memory location via the UART console, which may lead to further attacks but is not explicitly documented in the description. The CVSS score is 4.6, the EPSS score is < 1 %, and the vulnerability is not listed in CISA’s KEV catalog.
OpenCVE Enrichment