Stored Cross Site Scripting Vulnerability in Tenda AC1200 Router
CVE-2022-40844

5.4MEDIUM

Key Information:

Vendor: Tenda
Status: W15e Firmware
Vendor: CVE Published:; 15 November 2022

What is CVE-2022-40844?

The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. This security flaw allows attackers to inject and execute malicious JavaScript code through the router's website filtering tab, particularly within the URL body. Successful exploitation of this vulnerability could lead to unauthorized actions being executed on behalf of legitimate users, compromising the integrity and confidentiality of the user's data.

References

https://boschko.ca/tenda_ac1200_router/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2022
Vulnerability Reserved
Sep 19, 2022