CVE-2026-1610 CRITICAL

CVE-2026-1610: Tenda AX12 Pro V2 Telnet Service hard-coded credentials

Vendor Tenda
Product AX12 Pro V2
Weakness CWE-798 · Hardcoded credentials
Published January 29, 2026
Last update February 23, 2026

CVSS base score

9.2/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used.

Key dates

02Disclosure timeline

January 29, 2026 CVE published
February 23, 2026 Record updated