Skip to main content

Kangda DR300 Router EUVDEUVD-2026-35790

| CVE-2026-10045 CRITICAL
2026-06-09 certcc GHSA-8rf8-hpj2-cpgg
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jun 09, 2026 - 21:23 vuln.today
CVSS changed
Jun 09, 2026 - 20:22 NVD
9.8 (CRITICAL)
CVE Published
Jun 09, 2026 - 18:09 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.

AnalysisAI

Hardcoded credentials and default-enabled telnet on the Shenzhen Kangda Xin DR300 router (firmware 2.1.2.121) allow remote unauthenticated attackers to gain full administrative access over both WAN and LAN interfaces. With CVSS 9.8 and SSVC indicating proof-of-concept exploit code with total technical impact, attackers can read/write device memory, modify flash-resident firmware, and enumerate connected devices and active connections. No CISA KEV listing exists, but publicly available exploit code exists and the issue is automatable.

Technical ContextAI

The DR300 is a consumer/SOHO router from Shenzhen Kangda Xin Intelligent Network Technology, identified by CPE cpe:2.3:a:shenzhen_kangda_xin_intelligent_network_technology_co.,_ltd:dr300. The flaw combines two classic embedded-device weaknesses: hardcoded/static login credentials baked into firmware (aligning with CWE-798 Use of Hard-coded Credentials) and an exposed telnet management service (cleartext protocol on TCP/23) bound to both LAN and WAN interfaces by default. Although no CWE was assigned in the input, the behavior maps to CWE-798 (hardcoded credentials) and CWE-1188 (insecure default initialization of resource), compounded by use of a cleartext protocol (CWE-319). Because telnet listens on the WAN side, the device is fully reachable from the public internet on its default configuration, and the static credentials guarantee successful authentication once the port is reached.

RemediationAI

No vendor-released patch identified at time of analysis, and no vendor advisory was included in the provided references. As compensating controls, immediately disable the telnet service on both LAN and WAN interfaces if the device's administrative UI allows it; if the embedded credentials cannot be removed via configuration, treat the device as untrusted. At the network boundary, block inbound TCP/23 (and outbound, to prevent reuse for C2) at upstream firewalls or ISP CPE, and isolate the DR300 on a dedicated VLAN with no access to internal trust zones - note this still leaves LAN-side exploitation possible from any compromised host on the same segment. Where feasible, replace the device entirely, since hardcoded credentials baked into firmware cannot be remediated without a vendor firmware update. Monitor for the writeup at https://rubenabreu.xyz/post/temu-routers-and-their-implications and the EUVD entry EUVD-2026-35790 for patch availability updates.

Share

EUVD-2026-35790 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy