ID

VAR-202211-1008


CVE

CVE-2022-40843


TITLE

Tenda AC1200 authorization error vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-80693

DESCRIPTION

The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This allows authenticated attackers to read the router's syslog.log file, which contains the MD5 password of the Administrator's user account. Tenda AC1200 is a wireless router made by China Tenda Company.

Trust: 1.44

sources: NVD: CVE-2022-40843 // CNVD: CNVD-2022-80693

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-80693

AFFECTED PRODUCTS

vendor: tenda, model: w15e, scope: eq, version: 15.11.0.10(1576)

Trust: 1.0

vendor: netgear, model: ac1200, scope: eq, version: v215.11.0.10(1576)

Trust: 0.6

sources: CNVD: CNVD-2022-80693 // NVD: CVE-2022-40843

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-40843
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2022-80693
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202211-2786
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2022-80693
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:L/AU:M/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-40843
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-80693 // CNNVD: CNNVD-202211-2786 // NVD: CVE-2022-40843

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2022-40843

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2786

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2786

EXTERNAL IDS

db: NVD, id: CVE-2022-40843

Trust: 2.2

db: CNVD, id: CNVD-2022-80693

Trust: 0.6

db: CNNVD, id: CNNVD-202211-2786

Trust: 0.6

sources: CNVD: CNVD-2022-80693 // CNNVD: CNNVD-202211-2786 // NVD: CVE-2022-40843

REFERENCES

url: https://boschko.ca/tenda_ac1200_router/

Trust: 1.6

url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-40843

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2022-40843

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-40843/

Trust: 0.6

sources: CNVD: CNVD-2022-80693 // CNNVD: CNNVD-202211-2786 // NVD: CVE-2022-40843

SOURCES

db: CNVD, id: CNVD-2022-80693
db: CNNVD, id: CNNVD-202211-2786
db: NVD, id: CVE-2022-40843

LAST UPDATE DATE

2024-08-14T14:30:51.864000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-80693, date: 2022-11-24T00:00:00
db: CNNVD, id: CNNVD-202211-2786, date: 2022-11-21T00:00:00
db: NVD, id: CVE-2022-40843, date: 2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-80693, date: 2022-11-24T00:00:00
db: CNNVD, id: CNNVD-202211-2786, date: 2022-11-14T00:00:00
db: NVD, id: CVE-2022-40843, date: 2022-11-15T02:15:09.093