PT-2022-25574 · Tenda · Tenda Ac1200

Olivier Laflamme · Published 2022-11-15 · Updated 2023-08-08 · CVE-2022-40843

CVSS v3.1

4.9 Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Tenda AC1200 V-W15Ev2 version V15.11.0.10(1576)

Description

The issue concerns improper authorization and improper session management, allowing the router login page to be bypassed. This enables authenticated attackers to read the router's syslog.log file, which contains the MD5-hashed password of the Administrator's user account.

Recommendations

For version V15.11.0.10(1576), consider restricting access to the syslog.log file to prevent unauthorized reading of the Administrator's password. As a temporary workaround, restrict access to the router's login page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2022-40843

Affected Products

Tenda Ac1200