CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-46437

A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.7%

CVSS Severity

CVSS v3 Score 6.5

References

https://reddassolutions.com/blog/tenda_w18e_security_research

Products affected by CVE-2024-46437

Tenda » W18e » Version: N/A

cpe:2.3:h:tenda:w18e:-
Tenda » W18e Firmware » Version: 16.01.0.8(1625)

cpe:2.3:o:tenda:w18e_firmware:16.01.0.8(1625)

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-46437

Products

Pricing

Contact Us