Tenda TDSEE App Password Reset Excessive Authentication Vulnerability

Vulnerability

A vulnerability exists in the Tenda TDSEE mobile application for managing smart cameras, specifically in versions prior to 1.7.12. The issue arises in the password reset functionality, where the application fails to limit the number of confirmation code requests. This lack of rate limiting allows attackers to brute-force the verification codes, leading to unauthorized account access. Exploitation can be performed remotely without authentication, by knowing the victim's email address.

Impact

Exploitation of this vulnerability allows for unauthorized password resets, enabling attackers to gain full access to the victim's account, including any videos from connected cameras.

Reproduction

To reproduce this vulnerability, initiate a password reset request by entering the victim's email address. Then, repeatedly send confirmation code requests without any rate limit, brute-forcing the 6-digit verification codes until the correct one is found.

Remediation

Users are advised to upgrade to Tenda TDSEE App version 1.7.15, which addresses this vulnerability by implementing a rate limit on confirmation code requests.
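The defect described above is that the confirmation-code step accepts an unbounded number of attempts, so a 6-digit space can be searched exhaustively. The following is an added example, not Tenda's code, that models a password-reset service in two forms: the weak one the advisory describes, and a hardened one that throttles code requests per e-mail address, bounds wrong guesses per issued code, expires codes, and makes each code single-use. The policy constants (5 attempts, 10-minute lifetime, 60 seconds between requests), the e-mail addresses and the in-memory store are assumptions chosen for illustration; a real deployment would persist state server-side and deliver the code by e-mail rather than return it.

```python
"""Added example (not Tenda's code): password-reset code verification with and
without rate limiting. Policy values below are assumptions for illustration."""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

CODE_DIGITS = 6
MAX_VERIFY_ATTEMPTS = 5      # assumed policy: wrong guesses allowed per issued code
CODE_TTL_SECONDS = 600       # assumed policy: a code expires 10 minutes after issue
MIN_REQUEST_INTERVAL = 60    # assumed policy: seconds between new codes per e-mail


@dataclass
class PendingReset:
    code: str
    issued_at: float
    attempts: int = 0


def new_code() -> str:
    """Uniformly random, zero-padded 6-digit code from a CSPRNG."""
    return f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"


class UnlimitedResetService:
    """Weak form, as the advisory describes: no limit on requests or guesses."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._pending: Dict[str, PendingReset] = {}
        self._clock = clock

    def request_code(self, email: str) -> Optional[str]:
        code = new_code()
        self._pending[email] = PendingReset(code, self._clock())
        # Returned only so the example can be exercised offline; a real service
        # sends the code to the mailbox and never returns it to the requester.
        return code

    def verify(self, email: str, candidate: str) -> bool:
        pending = self._pending.get(email)
        if pending is None:
            return False
        return hmac.compare_digest(pending.code, candidate)


class RateLimitedResetService(UnlimitedResetService):
    """Hardened form: throttled requests, bounded guesses, expiry, single use."""

    def __init__(self, clock: Callable[[], float] = time.time):
        super().__init__(clock)
        self._last_request: Dict[str, float] = {}

    def request_code(self, email: str) -> Optional[str]:
        now = self._clock()
        last = self._last_request.get(email)
        if last is not None and now - last < MIN_REQUEST_INTERVAL:
            return None  # throttled; the HTTP response should look identical either way
        self._last_request[email] = now
        return super().request_code(email)

    def verify(self, email: str, candidate: str) -> bool:
        pending = self._pending.get(email)
        if pending is None:
            return False
        if self._clock() - pending.issued_at > CODE_TTL_SECONDS:
            del self._pending[email]  # expired
            return False
        if pending.attempts >= MAX_VERIFY_ATTEMPTS:
            del self._pending[email]  # burn the code; a fresh request is required
            return False
        pending.attempts += 1
        if hmac.compare_digest(pending.code, candidate):
            del self._pending[email]  # single use
            return True
        return False


class FakeClock:
    """Injectable clock so expiry and throttling can be exercised without sleeping."""

    def __init__(self, start: float = 0.0):
        self.t = start

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


if __name__ == "__main__":
    clock = FakeClock()
    svc = RateLimitedResetService(clock)
    code = svc.request_code("user@example.com")  # constructed address
    wrong = "000000" if code != "000000" else "000001"
    results = [svc.verify("user@example.com", wrong) for _ in range(MAX_VERIFY_ATTEMPTS)]
    print("wrong guesses:", results)
    print("correct code after limit exhausted:", svc.verify("user@example.com", code))
```

The important property is that once the attempt budget is spent, even the correct code is refused and a new code must be requested, and that new requests are themselves throttled per address; together these cap the number of guesses an attacker can make against any one code, which is what removes the brute-force path the advisory describes.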

Added: Jun 9, 2025, 6:42 AM
Updated: Jun 9, 2025, 6:42 AM

Vulnerability Rating (Custom Algorithm)

spread          0.0
impact          5.0
exploitability  8.7
remediation     7.7
relevance       0.2
threat          6.4
urgency         2.9
incentive       5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.