Dr300
Monthly
Hardcoded credentials and default-enabled telnet on the Shenzhen Kangda Xin DR300 router (firmware 2.1.2.121) allow remote unauthenticated attackers to gain full administrative access over both WAN and LAN interfaces. With CVSS 9.8 and SSVC indicating proof-of-concept exploit code with total technical impact, attackers can read/write device memory, modify flash-resident firmware, and enumerate connected devices and active connections. No CISA KEV listing exists, but publicly available exploit code exists and the issue is automatable.
Hardcoded credentials and default-enabled telnet on the Shenzhen Kangda Xin DR300 router (firmware 2.1.2.121) allow remote unauthenticated attackers to gain full administrative access over both WAN and LAN interfaces. With CVSS 9.8 and SSVC indicating proof-of-concept exploit code with total technical impact, attackers can read/write device memory, modify flash-resident firmware, and enumerate connected devices and active connections. No CISA KEV listing exists, but publicly available exploit code exists and the issue is automatable.