CVE-2022-40845

Published: Nov 15, 2022Modified: Jul 7, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they're not explicitly authorized to have.

Affected (1)

Products: Tenda: W15e Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda W15e Firmware	Version 15.11.0.10(1576)

Running on/with	Platform Versions
Tenda W15e	Version 2.0

Related CWEs

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (2)

https://boschko.ca/tenda_ac1200_router/

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://boschko.ca/tenda_ac1200_router/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.