PT-2014-6362 · Tenda · Tenda A5S

Published

2014-08-22

Updated

2017-09-08

CVE-2014-5246

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tenda A5s router version 3.02.05 CN

Description The issue allows remote attackers to bypass authentication and gain administrator access. This is achieved by setting the admin:language cookie to zh-cn, allowing unauthorized access to the router's administrative interface.

Recommendations For Tenda A5s router version 3.02.05 CN, consider disabling remote access to the administrative interface until a patch is available. Restrict access to the router's configuration to minimize the risk of exploitation. Avoid using the admin:language cookie with the value zh-cn in the affected router's firmware until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-5246

Affected Products

Tenda A5S

PT-2014-6362 · Tenda · Tenda A5S

CVE-2014-5246

Weakness Enumeration

Related Identifiers

Affected Products

References · 7