CVE-2026-10045 Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd CVE debrief

Who should care

Administrators and users of the Shenzhen Kangda Xin Intelligent Network Technology Company's DR300 router, version 2.1.2.121, should be aware of this vulnerability and take necessary actions to mitigate it.

Technical summary

The vulnerability is caused by hardcoded login credentials and telnet being enabled by default on WAN and LAN interfaces. This allows attackers to perform various malicious activities, including reading and writing to memory, modifying firmware, inspecting active connections, and viewing connected devices.

Defensive priority

critical

Recommended defensive actions

• Immediately update the router firmware to a version that addresses these vulnerabilities, if available.
• Disable telnet on WAN and LAN interfaces, and consider replacing it with a more secure protocol.
• Change all default login credentials and ensure strong passwords are used.
• Limit access to the router's management interface to trusted IP addresses and networks.
• Regularly monitor the router's logs and network activity for suspicious behavior.

Evidence notes

The vulnerability was reported by Rubenabreu and is documented in the CVE-2026-10045 record on CVE.org and the NVD detail page.

Official resources