CVE-2018-5768

Name of the Vulnerable Software and Affected Versions Tenda AC15 router (affected versions not specified)

Description The issue allows a remote, unauthenticated attacker to gain remote code execution on the device. It is related to the use of predefined credentials and can be exploited by a specially crafted password parameter for the COOKIE header. This could enable an attacker to access the device remotely.

Recommendations For the Tenda AC15 router, consider changing the predefined credentials to strong, unique ones as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using predefined credentials in the affected COOKIE header until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.