Stored Cross Site Scripting Vulnerability in Tenda AC1200 Router
CVE-2022-40846

4.8MEDIUM

Key Information:

Vendor: Tenda
Status: W15e Firmware
Vendor: CVE Published:; 15 November 2022

What is CVE-2022-40846?

The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) contains a Stored Cross Site Scripting (XSS) vulnerability. This flaw permits attackers to inject and execute malicious JavaScript code through stored hostnames in the application, potentially compromising the security of the device and exposing sensitive user data. Ensuring timely updates and implementing security measures can mitigate the risks associated with this vulnerability.

References

https://boschko.ca/tenda_ac1200_router/

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2022
Vulnerability Reserved
Sep 19, 2022