CVE-2024-46430 – Tenda W18E Authentication Bypass

The following table lists the changes that have been made to the CVE-2024-46430 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Feb. 10, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
    Added CWE CWE-284
  • New CVE Received by [email protected]

    Feb. 10, 2025

    Action Type Old Value New Value
    Added Description Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism.
    Added Reference https://reddassolutions.com/blog/tenda_w18e_security_research

نوشته های مشابه

CVE-2024-45386 – Siemens SIMATIC PCS neo Session Hijacking Vulnerability

CVE-2024-13643 – Zox News – WordPress News & Magazine Theme Plugin Unauthenticated Option Manipulation Vulnerability

CVE-2025-0180 – WordPress Foodbakery Plugin Privilege Escalation Vulnerability

CVE-2025-0181 – WordPress Foodbakery Plugin Privilege Escalation Vulnerability