CVE-2026-1610 identifies a critical security vulnerability in the Tenda AX12 Pro V2 router firmware version 16.03.49.24_cn, specifically within the Telnet service component. The vulnerability arises from the presence of hard-coded credentials embedded in the firmware, which attackers can exploit remotely without requiring authentication or user interaction. These credentials provide unauthorized access to the device, potentially allowing attackers to execute arbitrary commands, manipulate device configurations, or pivot into internal networks. The attack complexity is rated high, indicating that exploitation requires advanced skills or specific conditions, and no known widespread exploitation has been observed yet. The vulnerability affects confidentiality, integrity, and availability of affected devices, as attackers can intercept or alter network traffic, disrupt services, or compromise connected systems. The CVSS 4.0 base score of 9.2 reflects the critical nature of this flaw, with attack vector being network-based and no privileges or user interaction needed. The vulnerability does not require scope changes or authentication, increasing its risk profile. The public disclosure of exploit code raises the risk of future attacks. Given the widespread use of Tenda routers in consumer and small business environments, this vulnerability poses a significant threat, especially where devices are exposed to untrusted networks or lack proper segmentation. The absence of an official patch at the time of disclosure necessitates immediate mitigation steps to reduce exposure.

For European organizations, the impact of CVE-2026-1610 can be substantial. Compromise of Tenda AX12 Pro V2 routers could lead to unauthorized network access, data interception, and manipulation, potentially affecting sensitive communications and business operations. The vulnerability undermines network perimeter security, enabling attackers to bypass authentication controls and gain persistent footholds. This can facilitate lateral movement within corporate networks, data exfiltration, or disruption of critical services. Small and medium enterprises relying on these routers for internet connectivity or VPN termination are particularly vulnerable. Additionally, critical infrastructure sectors such as energy, healthcare, and finance that utilize these devices could face operational disruptions or data breaches. The public availability of exploit code increases the likelihood of targeted attacks or opportunistic scanning by cybercriminals. The high attack complexity somewhat limits mass exploitation but does not eliminate risk to well-resourced adversaries or skilled attackers. Overall, the vulnerability threatens confidentiality, integrity, and availability of network communications and connected systems within European organizations.

1. Immediately check if Tenda AX12 Pro V2 routers running firmware version 16.03.49.24_cn are deployed within the network and isolate them if possible. 2. Disable the Telnet service on affected devices to eliminate the attack vector, if the device management allows. 3. Monitor network traffic for unusual Telnet connection attempts or unauthorized access patterns. 4. Implement network segmentation to restrict access to router management interfaces from untrusted or external networks. 5. Apply strict firewall rules to block inbound Telnet (TCP port 23) traffic from outside trusted zones. 6. Regularly audit device firmware versions and configurations to identify vulnerable devices. 7. Engage with Tenda support or vendors for firmware updates or patches addressing this vulnerability as soon as they become available. 8. Consider replacing vulnerable devices with models that do not have known hard-coded credential issues. 9. Educate IT staff about the risks of hard-coded credentials and the importance of disabling legacy protocols like Telnet. 10. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts targeting this vulnerability.