CVE-2025-63666 – Tenda AC15 Authentication Bypass and Session Identification Weakness

CVE ID : CVE-2025-63666

Published : Nov. 12, 2025, 3:15 p.m. | 16 minutes ago

Description : Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…