Cleartext Transmission Vulnerability in Tenda N301 by Tenda
CVE-2023-29681

5.7MEDIUM

Key Information:

Vendor: Tenda
Status: N301 Firmware
Vendor: CVE Published:; 1 May 2023

Summary

The Tenda N301 router, specifically version 6.0 with firmware v12.03.01.06_pt, is susceptible to a cleartext transmission vulnerability. This flaw enables an authenticated local attacker to intercept vulnerable cookie communications on both LAN and WLAN. By exploiting this weakness, an attacker could gain unauthorized access to sensitive information, including the router's password, potentially compromising the security of the network. Users of this device are strongly advised to review security best practices and consider firmware updates to mitigate any associated risks.

References

https://www.youtube.com/watch?v=Xy9_hmpvvA4&ab_channel=0ta

https://medium.com/%400ta/tenda-n301-v6-cve-2023-29680-cv...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2023
Vulnerability Reserved
Apr 7, 2023