CVE 9.8 CRITICAL

CVE-2026-10045_CVE-2026-10045

June 9, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.

AI Analysis

Hardcoded login credentials and telnet enabled by default allow attackers to read and write to memory, modify firmware, inspect active connections, and view connected devices.

Basic Information

ID CVE-2026-10045

Source certcc

Published Jun 9, 2026 at 18:09

Modified Jun 9, 2026 at 19:09

Affected Product

Vendor Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd

Product DR300

Version 2.1.2.121

Affected Versions Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd DR300 2.1.2.121

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd

Product DR300

Version 2.1.2.121

References

rubenabreu.xyz /post/temu-routers-and-their-implications

{
    "lastseen": "",
    "description": "Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.",
    "published": "2026-06-09T18:09:56.599Z",
    "modified": "2026-06-09T19:09:45.684Z",
    "type": "cve",
    "title": "CVE-2026-10045",
    "source": "certcc",
    "references": "https://rubenabreu.xyz/post/temu-routers-and-their-implications",
    "id": "CVE-2026-10045",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd DR300 2.1.2.121",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DR300",
    "version": "2.1.2.121",
    "vendor": "Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd",
    "ai_description": "Hardcoded login credentials and telnet enabled by default allow attackers to read and write to memory, modify firmware, inspect active connections, and view connected devices.",
    "ai_severity": "Critical",
    "ai_vendor": "Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd",
    "ai_product": "DR300",
    "ai_version": "2.1.2.121",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply