Hardcoded Credentials Vulnerability in Tenda W18E Router
CVE-2024-46429
8.8HIGH
Summary
A hardcoded credentials vulnerability in Tenda W18E routers enables unauthorized remote attackers to gain access to the web management portal. The issue arises from a default guest account provisioned with administrative privileges, allowing attackers to manipulate the router settings without authentication. This vulnerability poses significant risks to network security, enabling potential exploitation by malicious actors.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved