PT-2025-46661 · Tenda · Tenda Ac15

Published: 2025-11-12 · Updated: 2025-11-13 · CVE-2025-63666

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.18 multi

Description: The authentication cookie used by the device exposes the account password hash to the client and utilizes a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to execute JavaScript in a victim’s browser can steal the cookie and replay it to gain access to protected resources.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Improper Access Control

Related Identifiers

BDU:2025-14647
CVE-2025-63666

Affected Products

Tenda Ac15