CVE-2024-46430 Information

Description

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function bypassing the authentication mechanism.

Reference

https://reddassolutions.com/blog/tenda_w18e_security_research