Cleartext Transmission Vulnerability in Tenda N301 Router Firmware
CVE-2023-29680

5.7MEDIUM

Key Information:

Vendor: Tenda
Status: N301 Firmware
Vendor: CVE Published:; 1 May 2023

Summary

The Tenda N301 Router's firmware has a vulnerability that exposes sensitive information due to the use of cleartext transmission in cookie settings. This flaw enables an authenticated attacker on the local area network (LAN) or wireless local area network (WLAN) to intercept communications with the router, allowing them to capture the ecosystem password. Such exploitation can lead to unauthorized access to the router and connected devices, posing a significant security risk to users. It is essential for users to update their firmware to mitigate this vulnerability.

References

https://www.youtube.com/watch?v=m7ZHfFcSKpU&ab_channel=0ta

https://medium.com/%400ta/tenda-n301-v6-cve-2023-29680-cv...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2023
Vulnerability Reserved
Apr 7, 2023