CVE-2024-46437

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 10, 2025

CWE ID 200

Summary

CVE-2024-46437 is a new vulnerability affecting the Tenda W18E V16.01.0.8(1625) web management portal. This issue permits unauthenticated remote attackers to access sensitive configuration data through a specially crafted HTTP POST request. The disclosed information includes WiFi SSID, WiFi password, and base64-encoded administrator credentials, posing a significant risk to network security. It is essential for users to update their devices as soon as a patch becomes available to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/yhsYTj
https://www.cve.org/CVERecord?id=CVE-2024-46437
https://nvd.nist.gov/vuln/detail/CVE-2024-46437

Back to Vulnerability Database

CVE-2024-46437

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations