External risk intelligence

Kangda Xin DR300 Router Hardcoded Credentials and Telnet Enable Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2026-10045

A critical vulnerability exists in Shenzhen Kangda Xin Intelligent Network Technology Company routers due to hardcoded credentials and default Telnet access. This allows unauthenticated attackers to read/write memory, modify firmware, and inspect network activity, posing a significant security risk. The vulnerability i

Halo Surface Signal: 5

External exposure likelihood

Halo Surface Signal score for CVE-2026-10045

The vulnerability involves a router with telnet enabled by default on the WAN interface, which is designed to be directly exposed to the internet. Since the device is intended for network connectivity and the management interface is open by default on the public-facing side, it is very likely to be reachable from the internet.

PCI scan relevance

PCI Relevance for CVE-2026-10045

Yes

CVE-2026-10045 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

Hardcoded credentials and enabled Telnet on a router allow for memory manipulation and firmware modification, posing a significant risk to network security.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in Shenzhen Kangda Xin Intelligent Network Technology Company's DR300 router, stemming from hardcoded login credentials and enabled Telnet services. This could allow unauthorized access to read and write memory, alter firmware, and monitor network activity, posing a significant security risk.

  • Default router access is unsecured.
  • Critical access allows deep system compromise.
  • Confirm relevance and exposure of affected devices.

Attack Path

How an attacker could exploit the issue

An attacker could begin by scanning for vulnerable routers on the internet. Since the router has Telnet enabled by default on its external-facing interface, an attacker could directly connect to it without needing any prior access or authentication. Once connected, the hardcoded credentials would allow the attacker to gain full control, leading to the ability to read and write memory, alter the device's firmware, and monitor network activity.

  • No authentication needed for access.
  • Telnet enabled on external interface.
  • Full device control and data access.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated attacker to access sensitive router memory, modify its firmware, and inspect network traffic and connected devices. This is possible when the router is configured with default settings and exposed to a network.

  • Router firmware and memory.
  • Unauthenticated network access.
  • Unauthorized system control.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The presence of hardcoded credentials and enabled Telnet on Shenzhen Kangda Xin Intelligent Network Technology Company's DR300 routers necessitates immediate action by network and security teams. The first practical step is to identify all instances of these routers within the environment, confirm their network exposure, and determine their criticality to business operations. Once ownership is established, a remediation plan can be developed based on the assessed risk, potentially involving configuration changes, firmware updates if available, or vendor coordination for a more permanent fix.

  • Network and Security Teams own this issue.
  • Verify external reachability and device criticality.
  • Plan remediation or mitigation immediately.
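One way to confirm exposure from logs you already collect, as an added example that is not part of the original advisory: it flags inventoried DR300 WAN addresses that received Telnet (TCP/23) connections from outside the internal address space. The flow-log format, the inventory addresses (documentation ranges), and all function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: "internal" means RFC 1918 space; adjust to your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory of DR300 WAN addresses (documentation ranges, not real devices).
DR300_WAN_ADDRS = {"203.0.113.10", "203.0.113.22"}

# Constructed flow records: timestamp src src_port dst dst_port proto action
SAMPLE_FLOWS = """\
2026-01-12T03:14:07Z 198.51.100.7 51122 203.0.113.10 23 tcp ACCEPT
2026-01-12T03:14:09Z 198.51.100.7 51130 203.0.113.10 23 tcp ACCEPT
2026-01-12T03:15:40Z 10.0.0.15 40222 203.0.113.10 23 tcp ACCEPT
2026-01-12T03:16:02Z 198.51.100.90 44001 203.0.113.22 23 tcp DROP
2026-01-12T03:17:55Z 198.51.100.90 44010 203.0.113.22 443 tcp ACCEPT
malformed line
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on unparseable input
    return any(addr in net for net in INTERNAL_NETS)

def triage(flow_text, devices=DR300_WAN_ADDRS, port=23):
    """Per device, list external sources whose Telnet flows were accepted or blocked."""
    findings = defaultdict(lambda: {"accepted": set(), "blocked": set()})
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip malformed records instead of failing the whole run
        _ts, src, _sport, dst, dport, proto, action = fields
        if dst not in devices or proto != "tcp" or dport != str(port):
            continue
        try:
            if is_internal(src):
                continue  # management from inside is a separate question
        except ValueError:
            continue
        findings[dst]["accepted" if action == "ACCEPT" else "blocked"].add(src)
    return {d: {k: sorted(v) for k, v in f.items()} for d, f in findings.items()}

def exposed_devices(findings):
    """Devices where at least one external Telnet connection was allowed through."""
    return sorted(d for d, f in findings.items() if f["accepted"])

if __name__ == "__main__":
    result = triage(SAMPLE_FLOWS)
    for dev in sorted(result):
        print(dev, result[dev])
    print("Telnet reachable from outside:", exposed_devices(result))
```

Devices listed by `exposed_devices` are the ones to restrict or take offline first; devices with only blocked flows are being probed but are currently shielded by upstream filtering.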

Frequently asked questions

What is the Shenzhen Kangda Xin DR300 router?

The DR300 is a networking device produced by Shenzhen Kangda Xin Intelligent Network Technology Company. It is typically used to manage home or small office internet connectivity, routing traffic between local devices and the broader web. Because it acts as the gateway for a network, it is a critical component for managing traffic flow and maintaining secure connections for everything else on the local network.

How does CVE-2026-10045 impact device security?

This CVE describes a severe weakness where the router contains hardcoded credentials—pre-set passwords that cannot be changed by the user—combined with an active Telnet management service. This class of vulnerability essentially bypasses the authentication layer. Because the device trusts these embedded credentials, an unauthorized user can gain total administrative control over the router's operating system, firmware, and traffic logs.

Do I need to be on the local network to trigger this bug?

No. The vulnerability is triggered via the router's Telnet interface, which is enabled by default on both internal and external (WAN) network ports. This means an attacker does not need prior access to your local Wi-Fi or wired network to initiate the connection. If the device's management interface is reachable from the internet, the attacker can attempt to log in remotely without being physically nearby.

Why is this router considered a high-risk device?

According to Halo Surface Signal, this vulnerability is very likely to be reachable from the internet because the Telnet service is active by default on the WAN interface. Since the WAN port is the part of the router designed to face the public internet, any device running this specific firmware version is essentially broadcasting an open, unauthenticated door to any scanner looking for this hardware.

What should I do if I use this router model?

First, conduct a search of your network to locate any instances of the DR300 hardware. Prioritize verifying whether these devices are accessible from the public internet. If you find one, assess its role in your environment and prepare to disable Telnet or restrict its access immediately. Contact the manufacturer for official firmware updates or guidance on how to secure the management interface against unauthorized access.
