6.5

CVE-2024-46430

Exploit

EPSS 0.79%
Veröffentlicht 10.02.2025 19:15:38
Zuletzt bearbeitet 25.03.2025 18:12:41
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 0 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.79%	0.513

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://reddassolutions.com/blog/tenda_w18e_security_research

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-46430

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-46430

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-46430

EUVD