CVE Alert: CVE-2024-46432

February 11, 2025
image 1

Vulnerability Summary: CVE-2024-46432

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials.

Affected Endpoints:

  • POST request

Published Date:

2/10/2025, 7:15:38 PM

🔥 CVSS Score:

CVSS v3 Score: 8.8 (High)

Exploit Status:

Not Exploited

References:

Recommended Action:

No proposed action available. Please refer to vendor documentation for updates.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

CISA_Logo

CISA: CISA Releases Two Industrial Control Systems Advisories

February 11, 2025
image

[FOG] – Ransomware Victim: Saint George’s College (saintgeorge[.]cl)

February 11, 2025
image

[FOG] – Ransomware Victim: Aurora Public Schools (aurorak12[.]org)

February 11, 2025
image

[FOG] – Ransomware Victim: The University of Notre Dame Australia (nd[.]edu[.]au)

February 11, 2025
image

[MEDUSA] – Ransomware Victim: SRP Companies

February 11, 2025