Cross Site Request Forgery in Tenda AC6V1.0
CVE-2022-45674

6.5MEDIUM

Key Information:

Vendor
Tenda
Vendor
CVE Published:
2 December 2022

Summary

The Tenda AC6V1.0 router, specifically version V15.03.05.19, is susceptible to a Cross Site Request Forgery (CSRF) attack through the fromSysToolReboot function. This vulnerability could allow an attacker to execute unauthorized actions on behalf of the user, potentially leading to unwanted changes in device settings or disruptions in service without the user's consent.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.