Cross Site Request Forgery in Tenda AC1206 Router
CVE-2022-42078

6.5MEDIUM

Key Information:

Vendor: Tenda
Status: Ac1206 Firmware
Vendor: CVE Published:; 12 October 2022

What is CVE-2022-42078?

The Tenda AC1206 router is susceptible to a Cross Site Request Forgery (CSRF) attack through the function fromSysToolRestoreSet. An attacker can exploit this vulnerability to perform unauthorized actions on behalf of a user, potentially leading to changes in configuration or unauthorized access to sensitive information. To enhance security, it is essential to implement measures that safeguard against CSRF attacks, such as employing anti-CSRF tokens and ensuring secure coding practices are followed.

References

https://github.com/tianhui999/myCVE/blob/main/AC1206/AC12...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 12, 2022
Vulnerability Reserved
Oct 3, 2022