VYPR
Unrated severityNVD Advisory· Published Nov 12, 2025· Updated Nov 18, 2025

CVE-2025-63666

CVE-2025-63666

Description

Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Tenda/AC15cpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = v15.03.05.18_multi

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.