ID

VAR-202502-1335


CVE

CVE-2024-46437


TITLE

Information disclosure vulnerability in Shenzhen Tenda Technology Co.,Ltd. W18E firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020902

DESCRIPTION

A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks. Shenzhen Tenda Technology Co.,Ltd. W18E firmware has an information disclosure vulnerability. Information may be obtained. Tenda W18E version 16.01.0.8(1625) has an information leakage vulnerability. The vulnerability is caused by the application's insufficient protection of sensitive information. Attackers can exploit this vulnerability to retrieve sensitive configuration information.

Trust: 2.16

sources: NVD: CVE-2024-46437 // JVNDB: JVNDB-2024-020902 // CNVD: CNVD-2025-09404

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-09404

AFFECTED PRODUCTS

vendor: tenda, model: w18e, scope: eq, version: 16.01.0.8(1625)

Trust: 1.0

vendor: tenda, model: w18e, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: w18e, scope: -, version: -

Trust: 0.8

vendor: tenda, model: w18e, scope: eq, version: w18e firmware 16.01.0.8(1625)

Trust: 0.8

vendor: tenda, model: w18e, scope: eq, version: 16.01.0.8(1625)

Trust: 0.6

sources: CNVD: CNVD-2025-09404 // JVNDB: JVNDB-2024-020902 // NVD: CVE-2024-46437

CVSS

SEVERITY

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-46437
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-020902
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-09404
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-09404
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-46437
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020902
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-09404 // JVNDB: JVNDB-2024-020902 // NVD: CVE-2024-46437

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.0

problemtype: information leak (CWE-200) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020902 // NVD: CVE-2024-46437

EXTERNAL IDS

db: NVD, id: CVE-2024-46437

Trust: 3.2

db: JVNDB, id: JVNDB-2024-020902

Trust: 0.8

db: CNVD, id: CNVD-2025-09404

Trust: 0.6

sources: CNVD: CNVD-2025-09404 // JVNDB: JVNDB-2024-020902 // NVD: CVE-2024-46437

REFERENCES

url: https://reddassolutions.com/blog/tenda_w18e_security_research

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-46437

Trust: 1.4

sources: CNVD: CNVD-2025-09404 // JVNDB: JVNDB-2024-020902 // NVD: CVE-2024-46437

SOURCES

db: CNVD, id: CNVD-2025-09404
db: JVNDB, id: JVNDB-2024-020902
db: NVD, id: CVE-2024-46437

LAST UPDATE DATE

2025-05-13T23:11:26.312000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-09404, date: 2025-05-12T00:00:00
db: JVNDB, id: JVNDB-2024-020902, date: 2025-03-26T00:36:00
db: NVD, id: CVE-2024-46437, date: 2025-03-25T17:38:44.810

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-09404, date: 2025-05-09T00:00:00
db: JVNDB, id: JVNDB-2024-020902, date: 2025-03-26T00:00:00
db: NVD, id: CVE-2024-46437, date: 2025-02-10T19:15:39.200