CVE-2026-38571
MediumCVSS 4.6Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
In the unauthenticated UART debug console of the Tenda N300 F3 (V603) router, WPA2 credentials are stored and exposed in cleartext, and the rr/wr memory read/write commands lack authentication. A physically proximate attacker can obtain these credentials and arbitrarily read or write memory via the serial port.
Risk Assessment
The organization risks Wi-Fi password theft and potential takeover of the router, which could lead to further attacks on the internal network.
Recommendation
Immediately update the Tenda N300 F3 router firmware to the latest version if a patch is available, or consider replacing the device with a model that has a secured debug console.
Original NVD description (English source)
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 (V603) allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write arbitrary memory via the serial console.

