Shenzhen Kangda Xin DR300 Router (v2.1.2.121): Hardcoded Credentials and Telnet Enabled by Default

critical-cve-against-infra · active

The Shenzhen Kangda Xin DR300 router (firmware version 2.1.2.121) ships with hardcoded login credentials and telnet enabled by default on both WAN and LAN interfaces. Attackers can read and write memory, modify firmware in flash, inspect active connections, and view connected devices.

Affected packages

Sources

• ghsahttps://github.com/advisories/GHSA-8rf8-hpj2-cpgg
• nvdhttps://nvd.nist.gov/vuln/detail/CVE-2026-10045
• google-searchhttps://rubenabreu.xyz/post/temu-routers-and-their-implications