PT-2024-13449 · Tenda · Tenda Ax3+3
Xiaobye_Tw · Published 2024-02-20 · Updated 2024-08-26 · CVE-2023-47422
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Tenda TX9 V1 version 22.03.02.54
Tenda AX3 V3 version 16.03.12.11
Tenda AX9 V1 version 22.03.01.46
Tenda AX12 V1 version 22.03.01.46
Description
An access control issue in /usr/sbin/httpd allows attackers to bypass authentication on any endpoint via a crafted URL.
Recommendations
For Tenda TX9 V1 version 22.03.02.54, update to a version that fixes the access control issue.
For Tenda AX3 V3 version 16.03.12.11, update to a version that fixes the access control issue.
For Tenda AX9 V1 version 22.03.01.46, update to a version that fixes the access control issue.
For Tenda AX12 V1 version 22.03.01.46, update to a version that fixes the access control issue.
As a temporary workaround, consider restricting network access to the web service provided by /usr/sbin/httpd until a patch is available.
Exploit
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Ax12
Tenda Ax3
Tenda Ax9
Tenda Tx9