Unrated severityNVD Advisory· Published Nov 12, 2025· Updated Nov 18, 2025
CVE-2025-63666
CVE-2025-63666
Description
Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.