Lucene search
K

4 matches found

EUVD
EUVD
added 2025/11/12 3:31 p.m.4 views

EUVD-2025-131903

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

6.9AI score0.00431EPSS
Exploits1References3
OSV
OSV
added 2025/11/12 3:15 p.m.2 views

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

9.8CVSS5.8AI score0.00431EPSS
Exploits1References1
NVD
NVD
added 2025/11/12 3:15 p.m.4 views

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

9.8CVSS0.00431EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.4 views

Tenda AC15 安全漏洞

Tenda AC15 is a wireless router from Tenda China. A security vulnerability exists in Tenda AC15 version v15.03.05.18multi, which stems from an authentication cookie that exposes a password hash and uses a low entropy session identifier, which could lead to session hijacking...

9.8CVSS7AI score0.00431EPSS
Exploits1References3
Rows per page
Query Builder