CVE-2024-46434 – Tenda W18E Auth Bypass

The following table lists the changes that have been made to the CVE-2024-46434 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Feb. 10, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Removed CVSS V3.1 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Feb. 10, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
    Added CWE CWE-287
  • New CVE Received by [email protected]

    Feb. 10, 2025

    Action Type Old Value New Value
    Added Description Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.
    Added Reference https://reddassolutions.com/blog/tenda_w18e_security_research

نوشته های مشابه

CVE-2024-27859 – Apple Web Content Arbitrary Code Execution Vulnerability

CVE-2025-26410 – Wattsense Bridge Hard-Coded Credentials Disclosure

CVE-2025-26411 – Wattsense Bridge Remote Code Execution Vulnerability

CVE-2024-45386 – Siemens SIMATIC PCS neo Session Hijacking Vulnerability