PT-2020-12471 · Tenda · Tenda Ac15 Ac1900

Published: 2020-07-13 · Updated: 2020-07-15 · CVE-2020-10986

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Tenda AC15 AC1900 version 15.03.05.19

Description: A CSRF issue allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page, specifically targeting the "goform/SysToolReboot" endpoint.

Recommendations: For Tenda AC15 AC1900 version 15.03.05.19, consider disabling access to the /goform/SysToolReboot endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this endpoint in production environments until the issue is resolved.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2020-10986

Affected Products

Tenda Ac15 Ac1900