Lucene search

[email protected]CVE-2022-40843

HistoryNov 15, 2022 - 2:15 a.m.

CVE-2022-40843

2022-11-1502:15:09

[email protected]

web.nvd.nist.gov

cve-2022-40843

tenda ac1200

v-w15ev2

router

improper authorization

improper session management

bypass login page

syslog.log

md5 password

administrator's user account

nvd

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.186 Low

EPSS

Percentile

96.3%

JSON

The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator’s user account.

Affected configurations

NVD

Node

tendaac1200_v-w15ev2Match-

AND

tendaw15e_firmwareMatch15.11.0.10\(1576\)

CPENameOperatorVersion
tenda:w15e_firmwaretenda w15e firmwareeq15.11.0.10\(1576\)

CPE	Name	Operator	Version
tenda:w15e_firmware	tenda w15e firmware	eq	15.11.0.10\(1576\)

References

boschko.ca/tenda_ac1200_router/

Social References

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.186 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2022-40843

cnvd1 cvelist1 nvd1 prion1 nuclei1