CVE-2024-46430

CWE-284Improper Access Control3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 84.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda W18e Firmware
Timeline
PublishedFeb 10

Description

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDtenda/w18e_firmware16.01.0.8\(1625\)

🔴Vulnerability Details

2
GHSA
GHSA-ccw5-hpm4-mg3c: Tenda W18E V162025-02-10
CVEList
CVE-2024-46430: Tenda W18E V162025-02-10
CVE-2024-46430 (MEDIUM CVSS 6.5) | Tenda W18E V16.01.0.8(1625) is vuln | cvebase.io