ID

VAR-202502-0633


CVE

CVE-2024-46432


TITLE

Access control vulnerability in Shenzhen Tenda Technology Co.,Ltd. w18e firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020988

DESCRIPTION

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials. The w18e firmware from Shenzhen Tenda Technology Co.,Ltd. contains an access control vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 2.16

sources: NVD: CVE-2024-46432 // JVNDB: JVNDB-2024-020988 // CNVD: CNVD-2025-05374

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-05374

AFFECTED PRODUCTS

vendor: tenda, model: w18e, scope: eq, version: 16.01.0.8\(1625\)

Trust: 1.0

vendor: tenda, model: w18e, scope: -, version: -

Trust: 0.8

vendor: tenda, model: w18e, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: w18e, scope: eq, version: w18e firmware 16.01.0.8(1625)

Trust: 0.8

vendor: tenda, model: w18e, scope: eq, version: 16.01.0.8(1625)

Trust: 0.6

sources: CNVD: CNVD-2025-05374 // JVNDB: JVNDB-2024-020988 // NVD: CVE-2024-46432

CVSS

SEVERITY

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-46432
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-020988
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-05374
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-05374
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-46432
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020988
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-05374 // JVNDB: JVNDB-2024-020988 // NVD: CVE-2024-46432

PROBLEMTYPE DATA

problemtype: CWE-284

Trust: 1.0

problemtype: Inappropriate access control (CWE-284) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020988 // NVD: CVE-2024-46432

EXTERNAL IDS

db: NVD, id: CVE-2024-46432

Trust: 3.2

db: JVNDB, id: JVNDB-2024-020988

Trust: 0.8

db: CNVD, id: CNVD-2025-05374

Trust: 0.6

sources: CNVD: CNVD-2025-05374 // JVNDB: JVNDB-2024-020988 // NVD: CVE-2024-46432

REFERENCES

url: https://reddassolutions.com/blog/tenda_w18e_security_research

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-46432

Trust: 1.4

sources: CNVD: CNVD-2025-05374 // JVNDB: JVNDB-2024-020988 // NVD: CVE-2024-46432

SOURCES

db: CNVD, id: CNVD-2025-05374
db: JVNDB, id: JVNDB-2024-020988
db: NVD, id: CVE-2024-46432

LAST UPDATE DATE

2025-03-28T23:31:22.107000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-05374, date: 2025-03-19T00:00:00
db: JVNDB, id: JVNDB-2024-020988, date: 2025-03-27T02:30:00
db: NVD, id: CVE-2024-46432, date: 2025-03-25T18:13:06.687

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-05374, date: 2025-03-19T00:00:00
db: JVNDB, id: JVNDB-2024-020988, date: 2025-03-27T00:00:00
db: NVD, id: CVE-2024-46432, date: 2025-02-10T19:15:38.540