Security Advisory

CVE-2024-46437

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-10 00:00:00

Last updated 2025-02-10 21:40:28

Assigner mitre

State PUBLISHED

Description

A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks.

← Browse all CVEs View on cve.org ↗