CVE-2022-45980

CVSS 8.8 HIGHEPSS 7.5%CWE-352

In short

The Tenda AX12 router has a flaw that allows attackers to trick users into performing unwanted actions on their router settings through malicious websites. An attacker can force a user to restore the router to default settings without their knowledge.

Technical detail

A Cross-Site Request Forgery (CSRF) vulnerability exists in the /goform/SysToolRestoreSet endpoint of Tenda AX12 V22.03.01.21_CN. The vulnerability permits an unauthenticated attacker to forge requests that execute system restore operations by tricking an authenticated router administrator into visiting a malicious website, resulting in potential loss of router configuration and security posture.

Summary generated and translated by AI from the official description.

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/The-Itach1/IOT-CVE/tree/master/Tenda/AX12/6