📄 Description (English)
A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used.
🤖 AI Executive Summary
Tenda AX12 Pro V2 firmware contains hard-coded credentials in the Telnet service, allowing remote attackers to gain unauthorized access with high complexity exploitation. This vulnerability affects widely deployed networking equipment in Saudi organizations, particularly in government and enterprise environments. While a patch is available, the public disclosure and remote exploitability pose significant risk to unpatched systems.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 26, 2026 04:49
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi government agencies, military installations, and large enterprises using Tenda networking equipment for network infrastructure. Banking sector organizations (SAMA-regulated) using these devices for branch connectivity face authentication bypass risks. Telecommunications providers (STC, Mobily) and energy sector organizations may have these devices in network perimeters. Healthcare facilities and educational institutions with Tenda equipment are also at risk. The hard-coded credentials could enable lateral movement within critical infrastructure networks.
🏢 Affected Saudi Sectors
Government and Public Administration
Banking and Financial Services
Telecommunications
Energy and Utilities
Healthcare
Education
Defense and Military
Critical Infrastructure
🎯 MITRE ATT&CK Techniques
T1078 - Valid Accounts
T1078.001 - Default Accounts
T1021.004 - Remote Services: SSH
T1021.005 - Remote Services: VNC
T1059.008 - Command and Scripting Interpreter: Network Device CLI
T1190 - Exploit Public-Facing Application
T1200 - Hardware Additions
T1556 - Modify Authentication Process
T1556.006 - Modify Authentication Process: Multi-Factor Authentication
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Tenda AX12 Pro V2 devices running firmware version 16.03.49.24_cn or earlier using network scanning tools
2. Isolate affected devices from critical network segments if patching cannot be completed immediately
3. Disable Telnet service on all Tenda devices and use SSH exclusively for management
4. Change all default credentials and implement strong access controls
PATCHING GUIDANCE:
1. Download latest firmware from Tenda official website (verify authenticity)
2. Apply firmware updates during maintenance windows with change management approval
3. Test updates in non-production environment first
4. Document all patched devices and maintain inventory
COMPENSATING CONTROLS:
1. Implement network segmentation - restrict Telnet access to management VLANs only
2. Deploy firewall rules blocking port 23 (Telnet) from untrusted networks
3. Enable logging and monitoring of all Telnet connection attempts
4. Implement intrusion detection signatures for Telnet exploitation attempts
5. Deploy network access control (NAC) to prevent unauthorized device connections
DETECTION RULES:
1. Monitor for Telnet connections to Tenda devices from unexpected sources
2. Alert on multiple failed authentication attempts followed by successful Telnet sessions
3. Track firmware version changes on Tenda devices
4. Monitor for suspicious command execution via Telnet service
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Tenda AX12 Pro V2 التي تعمل بإصدار البرنامج الثابت 16.03.49.24_cn أو أقدم باستخدام أدوات فحص الشبكة
2. عزل الأجهزة المتأثرة عن قطاعات الشبكة الحرجة إذا لم يكن التصحيح ممكناً فوراً
3. تعطيل خدمة Telnet على جميع أجهزة Tenda واستخدام SSH حصرياً للإدارة
4. تغيير جميع بيانات الاعتماد الافتراضية وتنفيذ ضوابط وصول قوية
إرشادات التصحيح:
1. تحميل أحدث إصدار من البرنامج الثابت من موقع Tenda الرسمي (التحقق من الأصالة)
2. تطبيق تحديثات البرنامج الثابت خلال نوافذ الصيانة مع موافقة إدارة التغيير
3. اختبار التحديثات في بيئة غير الإنتاج أولاً
4. توثيق جميع الأجهزة المصححة والحفاظ على المخزون
الضوابط البديلة:
1. تنفيذ تقسيم الشبكة - تقييد وصول Telnet إلى شبكات إدارة فقط
2. نشر قواعد جدار الحماية لحظر المنفذ 23 من الشبكات غير الموثوقة
3. تفعيل تسجيل ومراقبة جميع محاولات اتصال Telnet
4. تنفيذ توقيعات كشف التطفل لمحاولات استغلال Telnet
5. نشر التحكم في الوصول إلى الشبكة لمنع اتصالات الأجهزة غير المصرح بها
قواعد الكشف:
1. مراقبة اتصالات Telnet بأجهزة Tenda من مصادر غير متوقعة
2. تنبيهات محاولات المصادقة الفاشلة المتعددة متبوعة بجلسات Telnet الناجحة
3. تتبع تغييرات إصدار البرنامج الثابت على أجهزة Tenda
4. مراقبة تنفيذ الأوامر المريبة عبر خدمة Telnet
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.6.1.2 - Access control and authentication mechanisms
A.8.2.1 - User access management
A.8.2.3 - Management of privileged access rights
A.8.3.1 - Password management
A.9.2.1 - User endpoint devices
A.9.4.1 - Event logging
A.9.4.2 - Protection of log information
🔵 SAMA CSF
ID.AM-2 - Software platforms and applications are inventoried
PR.AC-1 - Identities and credentials are issued and managed
PR.AC-2 - Physical access is managed
PR.AC-3 - Remote access is managed
PR.AC-4 - Access rights and privileges are managed
DE.AE-1 - A baseline of network operations is established
DE.CM-1 - The network is monitored to detect potential cybersecurity events
🟡 ISO 27001:2022
5.3 - Segregation of duties
6.2 - People screening
8.1 - Operational planning and control
8.2 - Supply chain relationships
8.3 - Information and communication
A.5.1.1 - Policies for information security
A.6.1.2 - Access to information and other associated assets
A.8.2 - User access management
A.8.3 - User responsibilities
A.9.2 - User endpoint devices
A.9.4 - Logging
🟣 PCI DSS v4.0.1
Requirement 1 - Install and maintain a firewall configuration
Requirement 2 - Do not use vendor-supplied defaults
Requirement 7 - Restrict access to data by business need-to-know
Requirement 8 - Identify and authenticate access to system components
Requirement 10 - Track and monitor all access to network resources
🔗 References & Sources 5
🔗
https://github.com/QIU-DIE/CVE/issues/49
cna@vuldb.com
Broken Link
Issue Tracking
🔗
https://vuldb.com/?ctiid.343378
cna@vuldb.com
Permissions Required
VDB Entry
🔗
https://vuldb.com/?id.343378
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://vuldb.com/?submit.740766
cna@vuldb.com
Third Party Advisory
VDB Entry
🔗
https://www.tenda.com.cn/
cna@vuldb.com
Product
📦 Affected Products / CPE 1 entries
tenda:ax12_pro_firmware:16.03.49.24_cn