CVE Catalog

CVE-2026-10045

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile — higher than 12% of all known CVEs

Summary

The router from Shenzhen Kangda Xin Intelligent Network Technology, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.

Risk Assessment

The risk to the organization involves the potential for unauthorized access to the device, which could lead to data compromise and configuration modification.

Recommendation

It is recommended to disable telnet and change the default login credentials to stronger ones, as well as to regularly update the router's firmware.

Original NVD description (English source)

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS