PT-2023-22358 · Tenda · Tenda N301
Published
2023-05-01
·
Updated
2025-01-30
·
CVE-2023-29681
CVSS v3.1
5.7
Medium
| Vector | AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Tenda N301 version 6.0, firmware versions 12.02.01.61 multi through 12.03.01.06 pt
Description
The issue allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password due to cleartext transmission in the
ecos pw cookie.Recommendations
For Tenda N301 version 6.0, firmware versions 12.02.01.61 multi through 12.03.01.06 pt, consider restricting access to the router's administration interface to minimize the risk of exploitation until a patch is available.
As a temporary workaround, avoid using the
ecos pw cookie in the affected set-cookie endpoint until the issue is resolved.Exploit
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda N301