Tenda AC15 Vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2024-2817

4.3MEDIUM

Key Information:

Vendor: Tenda
Status: Ac15
Vendor: CVE Published:; 22 March 2024

Badges

👾 Exploit Exists

What is CVE-2024-2817?

A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Version(s)

AC15 15.03.05.18

References

https://vuldb.com/?id.257672

vdb-entrytechnical-description

https://vuldb.com/?ctiid.257672

signaturepermissions-required

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/T...

exploit

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 22, 2024
Vulnerability published
Mar 22, 2024
Vulnerability Reserved
Mar 21, 2024

Credit

yhryhryhr_tutu (VulDB User)