CVE-2024-46430

Summary

CVE-2024-46430 is a newly identified vulnerability affecting Tenda W18E routers with firmware version V16.01.0.8(1625). This issue involves Incorrect Access Control, allowing unauthenticated remote attackers to manipulate the router's settings by sending a crafted HTTP POST request to the setLoginPassword function. By successfully executing this request, attackers can bypass the authentication mechanism and change the administrator password, gaining unauthorized access to the device. This vulnerability poses a significant risk, as it allows attackers to potentially take control of the router and launch further cyberattacks on the connected network. Users are advised to update their devices to the latest firmware version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.