Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-40843

CWE-863Incorrect Authorization5 documents5 sources
Severity
4.9MEDIUM
EPSS
40.4%
top 2.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Tenda W15e Firmware
Timeline
PublishedNov 15

Description

The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages1 packages

NVDtenda/w15e_firmware15.11.0.10\(1576\)

🔴Vulnerability Details

3
CVEList
CVE-2022-40843: The Tenda AC1200 V-W15Ev2 V152022-11-15
GHSA
GHSA-25jx-22x6-2cx2: The Tenda AC1200 V-W15Ev2 V152022-11-15
VulnCheck
Tenda w15e_firmware Exposure of Sensitive Information to an Unauthorized Actor2022

💥Exploits & PoCs

1
Nuclei
Tenda AC1200 V-W15Ev2 - Authentication Bypass
CVE-2022-40843 (MEDIUM CVSS 4.9) | The Tenda AC1200 V-W15Ev2 V15.11.0. | cvebase.io