CVE-2024-46437 Information

Description

A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information including WiFi SSID WiFi password and base64-encoded administrator credentials by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function bypassing authentication checks.

Reference

https://reddassolutions.com/blog/tenda_w18e_security_research