Vulnerability Details CVE-2024-46430
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.2%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2024-46430
-
cpe:2.3:h:tenda:w18e:-
-
cpe:2.3:o:tenda:w18e_firmware:16.01.0.8(1625)