How is CVE-2026-10045 exploited?

Network reachability (required): The attacker must reach the device over the network; telnet is exposed on both WAN and LAN interfaces by default, making this reachable from the public internet as well as internal networks. Authentication (not-required): No credential discovery is needed because the device ships with hardcoded credentials, effectively removing authentication as a barrier. Victim interaction (not-required): No user action is required; the attacker connects directly to the telnet service without involving any device user. Attack complexity (info): Attack complexity is low: the exploit is straightforward and reliable, requiring no race conditions, memory-layout knowledge, or other environmental preconditions.

What is the impact of CVE-2026-10045?

Attacker reads and writes directly to device memory, gaining full visibility into runtime state and the ability to alter it. Attacker modifies firmware stored in flash, enabling persistent backdoors or malicious code that survive reboots. Attacker inspects all active network connections passing through or managed by the router. Attacker enumerates all currently connected devices on the network, supporting reconnaissance for follow-on attacks.

Back to search

CRITICALCVE-2026-10045Published 2026-06-09Modified 2026-06-09CNA certcc

CVE-2026-10045: CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

This is an authentication bypass and hardcoded-credentials vulnerability in the Shenzhen Kangda Xin DR300 router (firmware version 2.1.2.121). The device ships with telnet enabled by default on both its WAN and LAN interfaces and uses hardcoded login credentials, meaning any attacker who can reach the device over a network can log in without knowing or guessing a password. Successful exploitation gives the attacker full read/write access to device memory, the ability to modify flash-stored firmware, and visibility into all active and connected network clients. No fix version has been published; HarborGuard tracks the advisory and will make a patched-image rebuild available as soon as the vendor ships a corrected firmware release.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle or reference DR300 firmware artifacts. Any image in a connected registry or CI pipeline that carries the affected firmware version is flagged automatically.

Available

Triage

HarborGuard scores this CVE at CVSS 9.8 Critical and weights it against each customer environment's compliance policy to determine urgency and routing. Findings are dispatched to the appropriate team inbox within each customer org based on image ownership and policy configuration.

Available

Patch

No upstream fix is currently available. HarborGuard re-evaluates the advisory on every ingest cycle and will make a patched-image rebuild available the moment the vendor publishes a corrected firmware version. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be triggered automatically at that point.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The attacker must reach the device over the network; telnet is exposed on both WAN and LAN interfaces by default, making this reachable from the public internet as well as internal networks.
AuthenticationNot required
No credential discovery is needed because the device ships with hardcoded credentials, effectively removing authentication as a barrier.
Victim interactionNot required
No user action is required; the attacker connects directly to the telnet service without involving any device user.
Attack complexityDetail
Attack complexity is low: the exploit is straightforward and reliable, requiring no race conditions, memory-layout knowledge, or other environmental preconditions.

Blast Radius

Attacker reads and writes directly to device memory, gaining full visibility into runtime state and the ability to alter it.
Attacker modifies firmware stored in flash, enabling persistent backdoors or malicious code that survive reboots.
Attacker inspects all active network connections passing through or managed by the router.
Attacker enumerates all currently connected devices on the network, supporting reconnaissance for follow-on attacks.

How HarborGuard Handles This

Available on HarborGuard: detection of this CVE is active across every connected registry and pipeline, with matching against any image carrying the affected DR300 firmware version (2.1.2.121) completing within minutes of CVE publication. Because no vendor fix exists today, HarborGuard monitors the advisory on every ingest cycle and will trigger the full rebuild-and-PR flow for customers with auto-remediation enabled the moment an upstream patch is published. In the interim, compensating controls worth considering include network-policy isolation to block unsolicited inbound telnet (TCP 23) at the perimeter and on internal segments, egress filtering to limit what the device can reach if compromised, and disabling or firewall-blocking the WAN-facing telnet interface where the router management interface permits it. Triage findings for this CVE are routed according to each environment's compliance policy weighting, ensuring the right team receives the alert without manual sorting.

See how HarborGuard automates this

Affected packages

Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd / DR300
2.1.2.121

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

rubenabreu.xyz

Metrics

Get notified