ZTE ZXV10 W300 Wireless Router Hardcoded Credentials Security Bypass Vulnerability

Summary
ZTE ZXV10 W300 wireless router is prone to a security-bypass vulnerability.
Impact
Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device.
Solution
Ask the Vendor for an update.
Insight
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
Affected
ZTE ZXV10 W300 running firmware version 2.1.0 is vulnerable other versions may also be affected.
Detection
Try to login into the telnet service.
References