← Back

CVE-2024-46430

nvd nist
Published: Feb 10, 2025Modified: Mar 25, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism.

Affected (1)

Products: Tenda: W18e Firmware
Tenda
1 product
W18e Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
W18e Firmware
Version 16.01.0.8(1625)
Running on/withPlatform Versions
Tenda
W18e
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

Source: cve@mitre.org
ExploitThird Party Advisory

Timeline

No history available yet.