Cross Site Request Forgery Vulnerability in Tenda i22 Router
CVE-2022-45668

6.5MEDIUM

Key Information:

Vendor: Tenda
Status: I22 Firmware
Vendor: CVE Published:; 2 December 2022

Summary

The Tenda i22 router version V1.0.0.3(4687) is susceptible to Cross Site Request Forgery (CSRF) attacks through the 'fromSysToolReboot' function. This vulnerability allows an attacker to execute unauthorized commands on behalf of the user without their consent or knowledge. Consequently, it poses a significant risk to the device's security and the data residing within the router.

References

https://github.com/Double-q1015/CVE-vulns/blob/main/tenda...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 2, 2022
Vulnerability Reserved
Nov 21, 2022