325 matches found
CVE-2018-14528
Invoxia NVX220 devices allow TELNET access as admin with a default password...
CVE-2010-2967
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a 1 telnet, 2 rlogin, or 3 FTP session...
Tenda RX2 Pro Security Bypass Vulnerability (CNVD-2025-13838)
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. A security bypass vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which can be exploited by an attacker to cause telnet access to be enabled...
CVE-2025-28202
Incorrect access control in Victure RX1800 ENV1.0.0r12110933 allows attackers to enable SSH and Telnet services without authentication...
PT-2025-19946 · Tenda · Tenda Rx3
Name of the Vulnerable Software and Affected Versions: Tenda RX3 version 16.03.13.11 multi Description: A critical issue affects the processing of the file /goform/telnet, leading to command injection. The attack may be initiated remotely. Recommendations: For Tenda RX3 version 16.03.13.11 multi,...
CVE-2025-46631
Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request...
CVE-2025-46631
Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request...
CVE-2025-46631
Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request...
CVE-2025-46627
Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address...
CVE-2025-46631
CVE-2025-46631 concerns Tenda RX2 Pro (firmware 16.03.30.14). The issue is improper access controls in the web management portal that allow an unauthenticated remote attacker to enable telnet access to the router OS by sending a request to the vulnerable endpoint "/goform/telnet". This is support...
Tenda RX2 Pro 安全漏洞
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from a weak credentials vulnerability that stems from the use of weak credentials, which can be exploited by an attacker to authenticate to a telnet service by calculating the root password bas...
Mitel ICP VoIP 3100 安全漏洞
The Mitel ICP VoIP 3100 is a full-featured IP communications solution designed for small and medium-sized businesses and branch offices from Mitel Canada. u200b A security vulnerability exists in the Mitel ICP VoIP 3100 that originates from a system error during TELNET login waiting that disclose...
CVE-2024-35396
TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a hardcoded password for telnet in /webcste/cgi-bin/product.ini, which allows attackers to log in as root...
CVE-2024-46436
Hardcoded credentials in Tenda W18E V16.01.0.81625 allows unauthenticated remote attackers to gain root access to the device over the telnet service...
CVE-2024-40891
UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00AAFR.4C020170615 could allow an authenticated attacker to execute operating system OS commands on an affected device via Telnet...
CVE-2024-28751
An high privileged remote attacker can enable telnet access that accepts hardcoded credentials...
CVE-2024-40891
CVE-2024-40891 affects Zyxel VMG4325-B10A legacy DSL CPE with firmware 1.00(AAFR.4)C0_20170615. A post-authentication command injection in the device management commands could let an authenticated attacker run OS commands via Telnet, enabling potentially full takeover of the device (high risk, ne...
The vulnerability of Zyxel network device software of the CPE series exists due to the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability of Zyxel network devices of the CPE series exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with privileges as “supervisor” or...
VulnCheck KEV: CVE-2024-40891
Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet...
D-Link DSL6740C Incorrect Use of Privileged API Vulnerability
The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. A security vulnerability exists in the D-Link DSL6740C, which can be exploited by an attacker to modify arbitrary user passwords and later log in to Web, SSH, and Telnet services via certain APIs...