ID

VAR-202502-1491


CVE

CVE-2024-46430


TITLE

Access control vulnerabilities in Shenzhen Tenda Technology Co.,Ltd. w18e firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020903

DESCRIPTION

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism. Shenzhen Tenda Technology Co.,Ltd

Trust: 2.16

sources: NVD: CVE-2024-46430 // JVNDB: JVNDB-2024-020903 // CNVD: CNVD-2025-05373

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-05373

AFFECTED PRODUCTS

vendor: tenda, model: w18e, scope: eq, version: 16.01.0.8\(1625\)

Trust: 1.0

vendor: tenda, model: w18e, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: w18e, scope: -, version: -

Trust: 0.8

vendor: tenda, model: w18e, scope: eq, version: w18e firmware 16.01.0.8(1625)

Trust: 0.8

vendor: tenda, model: w18e, scope: eq, version: 16.01.0.8(1625)

Trust: 0.6

sources: CNVD: CNVD-2025-05373 // JVNDB: JVNDB-2024-020903 // NVD: CVE-2024-46430

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-46430
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-020903
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-05373
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-05373
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-46430
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020903
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-05373 // JVNDB: JVNDB-2024-020903 // NVD: CVE-2024-46430

PROBLEMTYPE DATA

problemtype: CWE-284

Trust: 1.0

problemtype: Inappropriate access control (CWE-284) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020903 // NVD: CVE-2024-46430

EXTERNAL IDS

db: NVD, id: CVE-2024-46430

Trust: 3.2

db: JVNDB, id: JVNDB-2024-020903

Trust: 0.8

db: CNVD, id: CNVD-2025-05373

Trust: 0.6

sources: CNVD: CNVD-2025-05373 // JVNDB: JVNDB-2024-020903 // NVD: CVE-2024-46430

REFERENCES

url: https://reddassolutions.com/blog/tenda_w18e_security_research

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-46430

Trust: 1.4

sources: CNVD: CNVD-2025-05373 // JVNDB: JVNDB-2024-020903 // NVD: CVE-2024-46430

SOURCES

db: CNVD, id: CNVD-2025-05373
db: JVNDB, id: JVNDB-2024-020903
db: NVD, id: CVE-2024-46430

LAST UPDATE DATE

2025-03-28T02:52:25.158000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-05373, date: 2025-03-19T00:00:00
db: JVNDB, id: JVNDB-2024-020903, date: 2025-03-26T00:36:00
db: NVD, id: CVE-2024-46430, date: 2025-03-25T18:12:41.753

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-05373, date: 2025-03-19T00:00:00
db: JVNDB, id: JVNDB-2024-020903, date: 2025-03-26T00:00:00
db: NVD, id: CVE-2024-46430, date: 2025-02-10T19:15:38.273