Tenda W18E Incorrect Access Control Vulnerability Allowing Unauthorized WiFi and Admin Credential Changes

Vulnerability

An incorrect access control vulnerability has been identified in the Tenda W18E router, specifically in version V16.01.0.8(1625). The issue allows attackers to send specially crafted HTTP POST requests to the setQuickCfgWifiAndLogin function. This exploitation can lead to unauthorized modifications of WiFi configuration settings and administrative credentials.

Impact

Exploitation of this vulnerability could result in unauthorized access to the router's administrative interface and the ability to change WiFi settings, potentially allowing for unauthorized network access.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

8.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

8.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda W18E Incorrect Access Control Vulnerability Allowing Unauthorized WiFi and Admin Credential Changes

Vulnerability

Impact

Affected Products

Tenda W18E

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating