PT-2026-24098 · Tenda · Tenda W15E
Jhx-Ui
·
Publicado
2026-03-09
·
Atualizado
2026-03-09
·
CVE-2026-30140
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Tenda W15E version V02.03.01.26 cn
Description
An incorrect access control issue exists that allows an unauthenticated attacker to access the
/cgi-bin/DownloadCfg/RouterCfm.jpg endpoint. This access enables the download of the configuration file, which contains administrator credentials in plaintext. Successful exploitation can lead to sensitive information disclosure and potential remote administrative access.Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the
/cgi-bin/DownloadCfg/RouterCfm.jpg endpoint.Exploit
Correção
LPE
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tenda W15E