cnvd - cnvd-2022-80693

CNVD-2022-80693

Vulnerability from cnvd - Published: 2022-11-24

Title

Tenda AC1200授权错误漏洞

Description

Tenda AC1200是中国腾达（Tenda）公司的一款无线路由器。 Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576)存在授权错误漏洞。经过身份认证的攻击者可利用该漏洞读取路由器的syslog.log文件，该文件中包含管理员用户账户的MD5密码。

Severity

中

Formal description

目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： https://nvd.nist.gov/vuln/detail/CVE-2022-40843

Reference

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40843

Impacted products

Name
NETGEAR AC1200 v2 15.11.0.10(1576)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-40843",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-40843"
    }
  },
  "description": "Tenda AC1200\u662f\u4e2d\u56fd\u817e\u8fbe\uff08Tenda\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nTenda AC1200 Router Model W15Ev2 V15.11.0.10(1576)\u5b58\u5728\u6388\u6743\u9519\u8bef\u6f0f\u6d1e\u3002\u7ecf\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u8def\u7531\u5668\u7684syslog.log\u6587\u4ef6\uff0c\u8be5\u6587\u4ef6\u4e2d\u5305\u542b\u7ba1\u7406\u5458\u7528\u6237\u8d26\u6237\u7684MD5\u5bc6\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40843",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-80693",
  "openTime": "2022-11-24",
  "products": {
    "product": "NETGEAR AC1200 v2 15.11.0.10(1576)"
  },
  "referenceLink": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40843",
  "serverity": "\u4e2d",
  "submitTime": "2022-11-21",
  "title": "Tenda AC1200\u6388\u6743\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2022-40843 (GCVE-0-2022-40843)

Vulnerability from cvelistv5 – Published: 2022-11-15 00:00 – Updated: 2024-08-03 12:28

Summary

The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://boschko.ca/tenda_ac1200_router/

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:28:42.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://boschko.ca/tenda_ac1200_router/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator\u0027s user account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-30T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://boschko.ca/tenda_ac1200_router/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-40843",
    "datePublished": "2022-11-15T00:00:00",
    "dateReserved": "2022-09-19T00:00:00",
    "dateUpdated": "2024-08-03T12:28:42.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-80693

CVE-2022-40843 (GCVE-0-2022-40843)

Tags

Sightings

Nomenclature