Cyber Resilience

CVE-2024-46433

HighPublic PoC

Published: 10 February 2025

Published
10 February 2025
Modified
25 March 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0097 77.0th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-46433 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Tenda W18E Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked in the top 23.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2024-46433 is a default credentials vulnerability (CWE-798) in the Tenda W18E router firmware version V16.01.0.8(1625). It enables unauthenticated remote attackers to access the web management portal using the default "rzadmin" account, which possesses administrative privileges. The issue carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-02-10.

An attacker with access to the adjacent network can exploit this vulnerability with low complexity and no required privileges or user interaction. Upon logging in with the default credentials, the attacker gains administrative control over the device, potentially allowing high-impact confidentiality, integrity, and availability compromises, such as modifying configurations, extracting sensitive data, or disrupting network operations.

Mitigation details are available in the security research advisory at https://reddassolutions.com/blog/tenda_w18e_security_research.

EU & UK References

Vulnerability details

A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Direct default credentials vulnerability (CWE-798) enabling use of hardcoded administrative account for initial access to network device management interface.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-46429Same product: Tenda W18E
CVE-2024-46436Same product: Tenda W18E
CVE-2024-46431Same product: Tenda W18E
CVE-2024-46434Same product: Tenda W18E
CVE-2024-46435Same product: Tenda W18E
CVE-2024-46432Same product: Tenda W18E
CVE-2026-1610Same vendor: Tenda
CVE-2025-30122Shared CWE-798
CVE-2026-25803Shared CWE-798
CVE-2026-24346Shared CWE-798

Affected Assets

tenda
w18e firmware
16.01.0.8\(1625\)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-2 requires organizations to change default authenticators and manage accounts, directly preventing exploitation of the factory default 'rzadmin' credentials.

prevent

IA-5 mandates changing default authenticators prior to first use and proper management of passwords, comprehensively addressing the hardcoded default credentials vulnerability.

prevent

CM-6 ensures secure baseline configuration settings are implemented and monitored, including modification of default credentials on the router's web management portal.

References