Sign-up

ID

VAR-202502-0923


CVE

CVE-2024-46434


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  w18e  Authentication vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020987

DESCRIPTION

Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request. Shenzhen Tenda Technology Co.,Ltd. of w18e An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda W18E 16.01.0.8(1625) version has an authorization issue vulnerability. The vulnerability is caused by improper authentication of the device

Trust: 2.16

sources: NVD: CVE-2024-46434 // JVNDB: JVNDB-2024-020987 // CNVD: CNVD-2025-05370

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-05370

AFFECTED PRODUCTS

vendor:tendamodel:w18escope:eqversion:16.01.0.8\(1625\)

Trust: 1.0

vendor:tendamodel:w18escope: - version: -

Trust: 0.8

vendor:tendamodel:w18escope:eqversion: -

Trust: 0.8

vendor:tendamodel:w18escope:eqversion:w18e firmware 16.01.0.8(1625)

Trust: 0.8

vendor:tendamodel:w18escope:eqversion:16.01.0.8(1625)

Trust: 0.6

sources: CNVD: CNVD-2025-05370 // JVNDB: JVNDB-2024-020987 // NVD: CVE-2024-46434

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-46434
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-020987
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-05370
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-05370
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-46434
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020987
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-05370 // JVNDB: JVNDB-2024-020987 // NVD: CVE-2024-46434

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020987 // NVD: CVE-2024-46434

EXTERNAL IDS

db:NVDid:CVE-2024-46434

Trust: 3.2

db:JVNDBid:JVNDB-2024-020987

Trust: 0.8

db:CNVDid:CNVD-2025-05370

Trust: 0.6

sources: CNVD: CNVD-2025-05370 // JVNDB: JVNDB-2024-020987 // NVD: CVE-2024-46434

REFERENCES

url:https://reddassolutions.com/blog/tenda_w18e_security_research

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-46434

Trust: 1.4

sources: CNVD: CNVD-2025-05370 // JVNDB: JVNDB-2024-020987 // NVD: CVE-2024-46434

SOURCES

db:CNVDid:CNVD-2025-05370
db:JVNDBid:JVNDB-2024-020987
db:NVDid:CVE-2024-46434

LAST UPDATE DATE

2025-03-28T23:21:56.007000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-05370date:2025-03-19T00:00:00
db:JVNDBid:JVNDB-2024-020987date:2025-03-27T02:30:00
db:NVDid:CVE-2024-46434date:2025-03-25T18:13:15.993

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-05370date:2025-03-19T00:00:00
db:JVNDBid:JVNDB-2024-020987date:2025-03-27T00:00:00
db:NVDid:CVE-2024-46434date:2025-02-10T19:15:38.803