Access Control Flaw in Tenda AC1200 Smart Dual-Band WiFi Router
CVE-2024-46450

8.1HIGH

Key Information:

Vendor: Tenda
Status: AC1200 Smart Dual-Band WiFi Router
Vendor: CVE Published:; 16 January 2025

Summary

An incorrect access control vulnerability exists in the Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50. This flaw enables attackers to exploit the router by sending crafted web requests, potentially allowing them to bypass authentication measures. Such an exploit could lead to unauthorized access to the device, compromising network integrity and leading to further security risks.

References

https://pastebin.com/BXxTqsZk

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Sep 11, 2024