CVE-2024-46450

Name of the Vulnerable Software and Affected Versions Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 version 2.0 Firmware v15.03.06.50

Description The issue is related to incorrect access control in the Tenda AC1200 Smart Dual-Band WiFi Router, which allows attackers to bypass authentication via a crafted web request. This can enable a remote attacker to gain unauthorized access to the device. The vulnerability is associated with a lack of necessary checks when changing the password.

Recommendations For Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 version 2.0 Firmware v15.03.06.50, consider disabling remote access to the device until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the device's web interface for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.