4 matches found
EUVD-2025-131903
Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...
CVE-2025-63666
Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...
CVE-2025-63666
Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...
Tenda AC15 安全漏洞
Tenda AC15 is a wireless router from Tenda China. A security vulnerability exists in Tenda AC15 version v15.03.05.18multi, which stems from an authentication cookie that exposes a password hash and uses a low entropy session identifier, which could lead to session hijacking...