Sensitive Information Disclosure in Tenda W18E
CVE-2024-46437
6.5MEDIUM
Summary
The Tenda W18E features a significant vulnerability in its web management portal that permits unauthenticated remote attackers to exploit the system. By utilizing a specially crafted HTTP POST request directed at the getQuickCfgWifiAndLogin function, attackers can bypass existing authentication measures. This oversight enables the unauthorized retrieval of sensitive information such as WiFi SSID, WiFi passwords, and base64-encoded administrator credentials, posing a serious risk to user privacy and network security.
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved