Details of VAR-202501-2809

ID

VAR-202501-2809

CVE

CVE-2024-46450

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC6 Lack of Authentication Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-025825

DESCRIPTION

Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request. Shenzhen Tenda Technology Co.,Ltd. of AC6 A lack of authentication vulnerability exists in the firmware.Information may be obtained and information may be tampered with. Tenda AC1200 has an access control error vulnerability, which is caused by incorrect access control. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2024-46450 // JVNDB: JVNDB-2024-025825 // CNVD: CNVD-2025-09858

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-09858

AFFECTED PRODUCTS

vendor:	tenda	model:	ac6	scope:	eq	version:	15.03.06.50	Trust: 1.0
vendor:	tenda	model:	ac6	scope:	eq	version:	ac6 firmware 15.03.06.50	Trust: 0.8
vendor:	tenda	model:	ac6	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ac6	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac1200	scope:	eq	version:	15.03.06.50	Trust: 0.6

sources: CNVD: CNVD-2025-09858 // JVNDB: JVNDB-2024-025825 // NVD: CVE-2024-46450

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-46450
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-025825
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-09858
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-09858
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-46450
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-025825
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-09858 // JVNDB: JVNDB-2024-025825 // NVD: CVE-2024-46450

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.0
problemtype:	Lack of authentication (CWE-862) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-025825 // NVD: CVE-2024-46450

EXTERNAL IDS

db:	NVD	id:	CVE-2024-46450	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-025825	Trust: 0.8
db:	CNVD	id:	CNVD-2025-09858	Trust: 0.6

sources: CNVD: CNVD-2025-09858 // JVNDB: JVNDB-2024-025825 // NVD: CVE-2024-46450

REFERENCES

url:	https://pastebin.com/bxxtqszk	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-46450	Trust: 1.4

sources: CNVD: CNVD-2025-09858 // JVNDB: JVNDB-2024-025825 // NVD: CVE-2024-46450

SOURCES

db:	CNVD	id:	CNVD-2025-09858
db:	JVNDB	id:	JVNDB-2024-025825
db:	NVD	id:	CVE-2024-46450

LAST UPDATE DATE

2025-07-09T23:22:27.884000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-09858	date:	2025-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2024-025825	date:	2025-07-08T07:17:00
db:	NVD	id:	CVE-2024-46450	date:	2025-07-07T16:40:50.920

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-09858	date:	2025-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2024-025825	date:	2025-07-08T00:00:00
db:	NVD	id:	CVE-2024-46450	date:	2025-01-16T22:15:39.840