PT-2024-2217 · Tenda · Tenda Ac18

Yhryhryhr_Backup · Published 2024-03-08 · Updated 2025-01-27 · CVE-2024-2559

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Tenda AC18 version 15.03.05.05

Description

The issue is caused by insufficient authentication of requests handled by the fromSysToolReboot() function, which can be exploited to launch a cross-site request forgery (CSRF) attack. The attack can be carried out remotely. The affected function, fromSysToolReboot(), is in the /goform/SysToolReboot file.

Recommendations

For Tenda AC18 version 15.03.05.05, as a temporary workaround, consider disabling the fromSysToolReboot() function until a patch is available. Restrict access to the /goform/SysToolReboot endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Weakness Enumeration

Related Identifiers

BDU:2024-02145
CVE-2024-2559

Affected Products

Tenda Ac18