Unrated severityNVD Advisory· Published Feb 10, 2025· Updated Feb 10, 2025

CVE-2024-46430

Description

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism.

Affected products

Tenda/W18Edescription
Tenda/W18Ellm-fuzzy
Range: = V16.01.0.8(1625)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

reddassolutions.com/blog/tenda_w18e_security_researchmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000